CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3483
https://notcve.org/view.php?id=CVE-2022-3483
09 Nov 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 12.1 anteriores a 15.3.5, todas las versiones... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3483.json •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3486
https://notcve.org/view.php?id=CVE-2022-3486
09 Nov 2022 — An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. Una vulnerabilidad de redireccionamiento abierto en GitLab EE/CE que afecta a todas las versiones desde la 9.3 anterior a la 15.3.5, la 15.4 anterior a la 15.4.4 y la 15.5 anterior a la 15.5.2, permite a un atacante redirigir a los usuarios a una ubicación arbitraria si confían en l... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3486.json • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2826
https://notcve.org/view.php?id=CVE-2022-2826
28 Oct 2022 — An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO Se ha descubierto un problema en GitLab que afecta a todas las versiones desde 10.0 anteriores a 12.9.8, todas las versiones desde 12.10 anteriores a 12.10.7, todas las versiones desde 13.0 anteriores a 13.0.1. TODO • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2826.json •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3018
https://notcve.org/view.php?id=CVE-2022-3018
28 Oct 2022 — An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. Una vulnerabilidad de divulgación de información en GitLab CE/EE que afecta a todas las versiones desde 9.3 anteriores a 15.2.5, todas las versiones desde 15.3 anteriores a 15.3.4, todas las versiones desde 15.4 anteri... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3018.json • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 1%CPEs: 6EXPL: 0CVE-2022-2882
https://notcve.org/view.php?id=CVE-2022-2882
28 Oct 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 12.6 anteriores a 15.2.5, todas las versiones ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2882.json • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3639
https://notcve.org/view.php?id=CVE-2022-3639
21 Oct 2022 — A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage. Se ha detectado una potencial vulnerabilidad de DOS en GitLab CE/EE que afecta a todas las versiones desde la 10.8 anteriores a 15.1.6, a todas las versiones desde la 15.2 anteriores a 15.2.4, a todas las versiones desd... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3639.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43411
https://notcve.org/view.php?id=CVE-2022-43411
19 Oct 2022 — Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. Jenkins GitLab Plugin versiones 1.5.35 y anteriores, usa una función de comparación de tiempo no constante cuando comprueba si el token de webhook proporcionado y el esperado son iguales, permitiendo potencialmente a atacantes usar métodos estadísticos para obte... • http://www.openwall.com/lists/oss-security/2022/10/19/3 • CWE-203: Observable Discrepancy •
CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2533
https://notcve.org/view.php?id=CVE-2022-2533
17 Oct 2022 — An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location. Se ha detectado un problema en GitLab afectando a todas las versiones a partir de 12.10 anteriores... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2533.json • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2592
https://notcve.org/view.php?id=CVE-2022-2592
17 Oct 2022 — A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service. Una falta de comprobación de la longitud en las descripciones de Snippet en GitLab CE/EE afectando a todas las versiones anteriores a 15.1.6, 15.2 anteriores ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2428
https://notcve.org/view.php?id=CVE-2022-2428
17 Oct 2022 — A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests Una etiqueta diseñada en Jupyter Notebook viewer in GitLab EE/CE que afectando a todas las versiones anteriores a 15.1.6, 15.2 a 15.2.4, y 15.3 a 15.3.2 permite a un atacante emitir peticiones HTTP arbitrarias • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2428.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •