CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2826
https://notcve.org/view.php?id=CVE-2022-2826
28 Oct 2022 — An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO Se ha descubierto un problema en GitLab que afecta a todas las versiones desde 10.0 anteriores a 12.9.8, todas las versiones desde 12.10 anteriores a 12.10.7, todas las versiones desde 13.0 anteriores a 13.0.1. TODO • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2826.json •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3018
https://notcve.org/view.php?id=CVE-2022-3018
28 Oct 2022 — An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. Una vulnerabilidad de divulgación de información en GitLab CE/EE que afecta a todas las versiones desde 9.3 anteriores a 15.2.5, todas las versiones desde 15.3 anteriores a 15.3.4, todas las versiones desde 15.4 anteri... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3018.json • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-2865
https://notcve.org/view.php?id=CVE-2022-2865
17 Oct 2022 — A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. Se ha detectado un problema de tipo cross-site scripting en GitLab CE/EE afectando a todas las versiones anteriores a 15.1.6, 15.2 a 15.2.4 y 15.3 anteriores a 15.3.2... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2865.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2931
https://notcve.org/view.php?id=CVE-2022-2931
17 Oct 2022 — A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage. Se ha detectado una posible vulnerabilidad de DOS en GitLab CE/EE afectando todas las versiones anteriores a 15.1.6, todas las versiones a partir de 15.2 anteriores a 15.2.4 y a todas las versiones a partir de 15.3 anterio... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2931.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3030
https://notcve.org/view.php?id=CVE-2022-3030
17 Oct 2022 — An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users. Un problema de control de acceso inapropiado en GitLab CE/EE afectando a todas las versiones a partir de 15.1.6, a todas las versiones a partir de 15.2 anteriores a 15.2.4, a todas las versiones a partir de 15.3 anteriores a 15.3.2 permite revelar el estado de las tuberías a usuar... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3030.json •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-3283
https://notcve.org/view.php?id=CVE-2022-3283
17 Oct 2022 — A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used to trigger high CPU usage. Se ha detectado una potencial vulnerabilidad de DOS en GitLab CE/EE afectando a todas las versiones anteriores a 15.2.5, a todas las versiones a partir de 15.3 anteriores a 15.3.4, a todas... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3283.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2592
https://notcve.org/view.php?id=CVE-2022-2592
17 Oct 2022 — A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service. Una falta de comprobación de la longitud en las descripciones de Snippet en GitLab CE/EE afectando a todas las versiones anteriores a 15.1.6, 15.2 anteriores ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3279
https://notcve.org/view.php?id=CVE-2022-3279
17 Oct 2022 — An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs Una excepción no manejada en el análisis del registro de trabajos en GitLab CE/EE afectando a todas las versiones anteriores a 15.2.5, a la 15.3 anteriores a 15.3.4 y a la 15.4 anteriores a 15.4.1 permite a un atacante impedir el acceso a los registros de trabajos • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3279.json • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2908
https://notcve.org/view.php?id=CVE-2022-2908
17 Oct 2022 — A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field. Se ha detectado una potencial vulnerabilidad DoS en Gitlab CE/EE versiones a partir de 10.7 anteriores a 15.1.5, todas las versiones a partir de 15.2 anteriores a 15.2.3, todas las versiones a partir de 15.... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2908.json • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2428
https://notcve.org/view.php?id=CVE-2022-2428
17 Oct 2022 — A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests Una etiqueta diseñada en Jupyter Notebook viewer in GitLab EE/CE que afectando a todas las versiones anteriores a 15.1.6, 15.2 a 15.2.4, y 15.3 a 15.3.2 permite a un atacante emitir peticiones HTTP arbitrarias • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2428.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •