CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1099
https://notcve.org/view.php?id=CVE-2022-1099
04 Apr 2022 — Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab La adición de un número muy grande de etiquetas a un corredor en GitLab CE/EE afectando a todas las versiones anteriores a 14.7.7, 14.8 anteriores a 14.8.5 y 14.9 anteriores a 14.9.2 permite a un atacante afectar al rendimiento de GitLab • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1099.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0740
https://notcve.org/view.php?id=CVE-2022-0740
04 Apr 2022 — Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches. Una autorización incorrecta en la funcionalidad integration's branch restriction de Asana en todas las versiones de GitLab CE/EE a partir de la versión 7.8.0 antes de la 14.7.7, todas las versiones a... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0740.json • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0741
https://notcve.org/view.php?id=CVE-2022-0741
01 Apr 2022 — Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses. Una comprobación de entrada inapropiada en todas las versiones de GitLab CE/EE usando sendmail para enviar correos electrónicos permitía a un atacante robar variables de entorno por medio de direcciones de correo electrónico especialmente diseñadas • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0741.json • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0425
https://notcve.org/view.php?id=CVE-2022-0425
01 Apr 2022 — A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks. Una vulnerabilidad de reenganche de DNS en la integración de Irker IRC Gateway en todas las versiones de GitLab CE/EE desde la versión 7.9, permite a un atacante desencadenar ataques de tipo Server Side Request Forgery (SSRF) • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0425.json • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39908
https://notcve.org/view.php?id=CVE-2021-39908
01 Apr 2022 — In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI. En todas las versiones de GitLab CE/EE a partir de la 0.8.0 antes de la 14.2.6, en todas las versiones a partir de la 14.3 antes de la 14.3.4, y en todas las versiones a partir de la 14.4 antes de la 14.... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39908.json • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0489
https://notcve.org/view.php?id=CVE-2022-0489
01 Apr 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue comments. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de la 8.15 . Era posible desencadenar un DOS usando la función de matemáticas con una fórmula específica en los comentarios de la edición • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0489.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-0136
https://notcve.org/view.php?id=CVE-2022-0136
28 Mar 2022 — A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature. Se ha detectado una vulnerabilidad en GitLab versiones 10.5 a 14.5.4, 14.6 a 14.6.4 y 14.7 a 14.7.1. GitLab era vulnerable a un ataque de tipo SSRF ciego mediante la funcionalidad Project Import • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0136.json • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2021-39876
https://notcve.org/view.php?id=CVE-2021-39876
28 Mar 2022 — In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups. En todas las versiones de GitLab CE/EE desde versión 11.3, el endpoint para autocompletar la asignación divulga los miembros de los grupos privados • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39876.json • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0488
https://notcve.org/view.php?id=CVE-2022-0488
28 Mar 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de la 8.10. Era posible desencadenar un tiempo de espera en una página con markdown al usar una cantidad específica de comillas de bloque • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0488.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0344
https://notcve.org/view.php?id=CVE-2022-0344
28 Mar 2022 — An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project Se ha detectado un problema en GitLab afectando a todas las versiones a partir de la 10.0 anteriores a 14.5.4, todas las versiones a partir de la 10.1 anteriores a ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0344.json •