Filtered by vendor Gitlab
Subscriptions
Filtered by product Gitlab
Subscriptions
Total
1149 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1936 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a service desk issue. | ||||
| CVE-2023-1555 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.7 Low |
| An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API. | ||||
| CVE-2023-1279 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.6 Low |
| An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project. | ||||
| CVE-2023-1210 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.1 Low |
| An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain. | ||||
| CVE-2023-0989 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration. | ||||
| CVE-2023-0632 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry. | ||||
| CVE-2023-0120 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 Low |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user. | ||||
| CVE-2022-4343 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile. | ||||
| CVE-2022-4289 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.4 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users. | ||||
| CVE-2022-3351 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks. | ||||
| CVE-2022-3331 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 Low |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Zentao project issues. | ||||
| CVE-2022-3330 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1. | ||||
| CVE-2022-3325 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.7 Low |
| Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules via the API by an unauthorised user. | ||||
| CVE-2022-3293 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 Low |
| Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 | ||||
| CVE-2022-3291 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache | ||||
| CVE-2022-3288 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 Low |
| A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected. | ||||
| CVE-2022-3286 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token | ||||
| CVE-2022-3283 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used to trigger high CPU usage. | ||||
| CVE-2022-3279 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.7 Low |
| An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs | ||||
| CVE-2022-3067 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID. | ||||