CVE-2022-3283
https://notcve.org/view.php?id=CVE-2022-3283
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used to trigger high CPU usage. Se ha detectado una potencial vulnerabilidad de DOS en GitLab CE/EE afectando a todas las versiones anteriores a 15.2.5, a todas las versiones a partir de 15.3 anteriores a 15.3.4, a todas las versiones a partir de 15.4 anteriores a 15.4.1 Mientras era clonado un problema con contenido especialmente diseñado añadido a la descripción podría haberse usado para desencadenar un alto uso de la CPU • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3283.json https://gitlab.com/gitlab-org/gitlab/-/issues/361982 https://hackerone.com/reports/1543718 • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-2931
https://notcve.org/view.php?id=CVE-2022-2931
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage. Se ha detectado una posible vulnerabilidad de DOS en GitLab CE/EE afectando todas las versiones anteriores a 15.1.6, todas las versiones a partir de 15.2 anteriores a 15.2.4 y a todas las versiones a partir de 15.3 anteriores a 15.3.2. El contenido malformado añadido a la descripción del problema podría haber sido usado para desencadenar un alto uso de la CPU • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2931.json https://gitlab.com/gitlab-org/gitlab/-/issues/361982 https://hackerone.com/reports/1543718 • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-3060
https://notcve.org/view.php?id=CVE-2022-3060
Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests Un control inapropiado de un identificador de recurso en el seguimiento de errores en GitLab CE/EE, afectando a todas las versiones a partir de 12.7, permite que un atacante autenticado genere contenido que podría causar que una víctima realice peticiones arbitrarias no deseadas • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3060.json https://gitlab.com/gitlab-org/gitlab/-/issues/365427 https://hackerone.com/reports/1600343 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-2428
https://notcve.org/view.php?id=CVE-2022-2428
A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests Una etiqueta diseñada en Jupyter Notebook viewer in GitLab EE/CE que afectando a todas las versiones anteriores a 15.1.6, 15.2 a 15.2.4, y 15.3 a 15.3.2 permite a un atacante emitir peticiones HTTP arbitrarias • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2428.json https://gitlab.com/gitlab-org/gitlab/-/issues/362272 https://hackerone.com/reports/1563379 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-2865
https://notcve.org/view.php?id=CVE-2022-2865
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. Se ha detectado un problema de tipo cross-site scripting en GitLab CE/EE afectando a todas las versiones anteriores a 15.1.6, 15.2 a 15.2.4 y 15.3 anteriores a 15.3.2. Era posible explotar una vulnerabilidad en la configuración de la función de color de las etiquetas que podía conllevar a un ataque de tipo XSS almacenado que permitía a atacantes llevar a cabo acciones arbitrarias en nombre de las víctimas en el lado del cliente • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2865.json https://gitlab.com/gitlab-org/gitlab/-/issues/370873 https://hackerone.com/reports/1665658 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •