CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2459
https://notcve.org/view.php?id=CVE-2022-2459
05 Aug 2022 — An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled. Se ha detectado un problema en GitLab EE afectando a todas las versiones anteriores a la 15.0.5, a todas las ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2459.json • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2500
https://notcve.org/view.php?id=CVE-2022-2500
05 Aug 2022 — A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side. Se ha detectado un problema de tipo cross-site scripting en GitLab CE/EE afectando a todas las versiones anteriores a 15.0.5, a 15.1 anterior a 15.1.4 y 15.2 anteriores a 15.2.1. Un fallo de tipo XSS almacenado en los mensajes de error de... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2500.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2534
https://notcve.org/view.php?id=CVE-2022-2534
05 Aug 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de 9.3 anteriores a 15.0.5, a todas las versiones a partir de 15.1 anteriores a 15.1.4 y a todas las versiones a partir de 15.2 anteri... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2534.json •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2303
https://notcve.org/view.php?id=CVE-2022-2303
05 Aug 2022 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones anteriores a la 15.0.5, a todas las versiones a partir de 15.1 anteriores... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2303.json • CWE-287: Improper Authentication •
CVSS: 9.4EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2326
https://notcve.org/view.php?id=CVE-2022-2326
05 Aug 2022 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using other user's email address as an unverified secondary email. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones anteriores a la 15.0.5, a todas las versiones a partir de 15.1 anteriores a 15.1.4 y a todas las versiones a p... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2326.json • CWE-863: Incorrect Authorization •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2456
https://notcve.org/view.php?id=CVE-2022-2456
05 Aug 2022 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones anteriores a la 15.0.5, a todas las versiones a partir de 15.1 anteriores a 15.1.4 y a todas las vers... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2456.json •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1954
https://notcve.org/view.php?id=CVE-2022-1954
01 Jul 2022 — A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers Una vulnerabilidad de Denegación de Servicio por Expresiones Regulares en GitLab CE/EE que afecta a todas las versiones desde la 1.0.2 anteriores a 14.10.5, la 15.0 anteriores a 15.0.4 y la 15.1 anteriores a 15.1.1, permite a un atacant... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1954.json • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1999
https://notcve.org/view.php?id=CVE-2022-1999
01 Jul 2022 — An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones desde la 8.13 anteriores a 14.10.5, la 15.0 anteriores a 15.0.4 y la 15.1 anteriores a 15.1.1. Bajo determinadas condiciones, usando la API REST un usuario no privilegiado podía cambiar l... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1999.json •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1983
https://notcve.org/view.php?id=CVE-2022-1983
01 Jul 2022 — Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured. Una autorización incorrecta en GitLab EE afectando a todas las versiones desde la 10.7 anteriores a 14.10.5, 15.0 anteriores a 15.0.4 y 15.1 anteriores a 15.1.1, permitía a un ataca... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1983.json • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2227
https://notcve.org/view.php?id=CVE-2022-2227
01 Jul 2022 — Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions Un control de acceso inapropiado en la API de trabajos del corredor en GitLab CE/EE afectando a todas las versiones anteriores a 14.10.5, 15.0 anteriores a 15.0.4, y 15.1 anteriores a 15.1.1, permite a un mantenedor anterior de un proy... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2227.json • CWE-732: Incorrect Permission Assignment for Critical Resource •