Gitlab

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-4255 1Gitlab 1Gitlab Nov 21, 2024 Jan 27, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload.
CVE-2022-4205 1Gitlab 1Gitlab Mar 27, 2025 Jan 27, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.
CVE-2022-4201 1Gitlab 1Gitlab Mar 27, 2025 Jan 27, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner.
CVE-2022-4335 1Gitlab 1Gitlab Mar 28, 2025 Jan 27, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host.
CVE-2022-4092 1Gitlab 1Gitlab Apr 1, 2025 Jan 26, 2023 N/A· v4 8.0 HIGH· v3 N/A· v2 An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.
CVE-2022-4054 1Gitlab 1Gitlab Apr 2, 2025 Jan 26, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project m...Show more An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers.Show less
CVE-2022-3902 1Gitlab 1Gitlab Apr 2, 2025 Jan 26, 2023 N/A· v4 6.4 MEDIUM· v3 N/A· v2 An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project m...Show more An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks.Show less
CVE-2022-3820 1Gitlab 1Gitlab Apr 2, 2025 Jan 26, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address re...Show more An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.Show less
CVE-2022-3740 1Gitlab 1Gitlab Apr 2, 2025 Jan 26, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if...Show more An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys .Show less
CVE-2022-3572 1Gitlab 1Gitlab Apr 2, 2025 Jan 26, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the...Show more A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims.Show less
CVE-2022-3482 1Gitlab 1Gitlab Nov 21, 2024 Jan 26, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we se...Show more An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members onlyShow less
CVE-2022-3478 1Gitlab 1Gitlab Apr 2, 2025 Jan 26, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a D...Show more An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.Show less
CVE-2022-2907 1Gitlab 1Gitlab Apr 4, 2025 Jan 17, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read...Show more An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read repository content by an unauthorised user if a project member used a crafted link.Show less
CVE-2022-2251 1Gitlab 1Runner Apr 8, 2025 Jan 17, 2023 N/A· v4 8.0 HIGH· v3 N/A· v2 Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets anot...Show more Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.Show less
CVE-2023-0042 1Gitlab 1Gitlab Apr 8, 2025 Jan 12, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.
CVE-2022-4365 1Gitlab 1Gitlab Apr 8, 2025 Jan 12, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer c...Show more An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error tracking settings page.Show less
CVE-2022-4342 1Gitlab 1Gitlab Nov 21, 2024 Jan 12, 2023 N/A· v4 3.8 LOW· v3 N/A· v2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer c...Show more An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook.Show less
CVE-2022-4167 1Gitlab 1Gitlab Apr 8, 2025 Jan 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses...Show more Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them.Show less
CVE-2022-4131 1Gitlab 1Gitlab Apr 8, 2025 Jan 12, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause De...Show more An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents.Show less
CVE-2022-4037 1Gitlab 1Gitlab Apr 8, 2025 Jan 12, 2023 N/A· v4 8.5 HIGH· v3 N/A· v2 An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email...Show more An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider.Show less

Previous 1...303132...71 Next