Gitlab

GitLab

1310 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2022-1175

  • EPSS 10.32%
  • Veröffentlicht 04.04.2022 20:15:10
  • Zuletzt bearbeitet 21.11.2024 06:40:11

Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.

6.5

CVE-2022-1185

  • EPSS 0.37%
  • Veröffentlicht 04.04.2022 20:15:10
  • Zuletzt bearbeitet 21.11.2024 06:40:12

A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file

5.3

CVE-2022-1188

  • EPSS 0.33%
  • Veröffentlicht 04.04.2022 20:15:10
  • Zuletzt bearbeitet 21.11.2024 06:40:13

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirror...

4.3

CVE-2022-1189

  • EPSS 0.22%
  • Veröffentlicht 04.04.2022 20:15:10
  • Zuletzt bearbeitet 21.11.2024 06:40:13

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the the a...

5.4

CVE-2022-1190

  • EPSS 1.65%
  • Veröffentlicht 04.04.2022 20:15:10
  • Zuletzt bearbeitet 21.11.2024 06:40:13

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.

4.3

CVE-2022-0740

  • EPSS 0.08%
  • Veröffentlicht 04.04.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:39:17

Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 make...

4.3

CVE-2022-1099

  • EPSS 0.17%
  • Veröffentlicht 04.04.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:40:01

Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab

4.3

CVE-2022-1100

  • EPSS 0.17%
  • Veröffentlicht 04.04.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:40:02

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused expo...

4.3

CVE-2022-1105

  • EPSS 0.2%
  • Veröffentlicht 04.04.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:40:02

An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disable...

3.5

CVE-2022-1111

  • EPSS 0.25%
  • Veröffentlicht 04.04.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:40:04

A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the p...