CVE-2022-0136
- EPSS 0.2%
- Published 28.03.2022 19:15:08
- Last modified 21.11.2024 06:37:58
A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature.
CVE-2022-0249
- EPSS 0.23%
- Published 28.03.2022 19:15:08
- Last modified 21.11.2024 06:38:13
A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked.
CVE-2022-0283
- EPSS 0.18%
- Published 28.03.2022 19:15:08
- Last modified 21.11.2024 06:38:17
An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that could cause the web application to redirect the request to the attacker-specified URL.
CVE-2022-0344
- EPSS 0.3%
- Published 28.03.2022 19:15:08
- Last modified 21.11.2024 06:38:25
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users...
CVE-2022-0371
- EPSS 0.28%
- Published 28.03.2022 19:15:08
- Last modified 21.11.2024 06:38:28
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search ...
CVE-2022-0427
- EPSS 0.12%
- Published 28.03.2022 19:15:08
- Last modified 21.11.2024 06:38:36
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover
CVE-2022-0488
- EPSS 0.15%
- Published 28.03.2022 19:15:08
- Last modified 21.11.2024 06:38:45
An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes.
CVE-2022-0549
- EPSS 0.13%
- Published 28.03.2022 19:15:08
- Last modified 21.11.2024 06:38:53
An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to...
CVE-2022-0735
- EPSS 28.23%
- Published 28.03.2022 19:15:08
- Last modified 21.11.2024 06:39:17
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registr...
CVE-2022-0738
- EPSS 0.19%
- Published 28.03.2022 19:15:08
- Last modified 21.11.2024 06:39:17
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with S...