CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0738
https://notcve.org/view.php?id=CVE-2022-0738
28 Mar 2022 — An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions. Se ha detectado un problema en GitLab afectando a todas las versiones a partir de la 14.6 anteriores a 14.6.5, todas las versiones a partir de la 14.7 anteriores a 14.7.4, todas las versiones a partir de la 14.8 anterior... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0738.json • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0751
https://notcve.org/view.php?id=CVE-2022-0751
28 Mar 2022 — Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands Una visualización imprecisa de los archivos Snippet que contienen caracteres especiales en todas las versiones de GitLab CE/EE permite a un atacante crear Snippets con contenido engañoso que podría engañar a usuarios desprevenidos para que ejecuten comandos arbitrario • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0751.json •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0371
https://notcve.org/view.php?id=CVE-2022-0371
28 Mar 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails even if a user set their email to private. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de la 11.4 anteriores a 14.5.4, todas las versiones a partir de la 14.6 anteriores a 14... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0371.json •
CVSS: 10.0EPSS: 16%CPEs: 6EXPL: 0CVE-2022-0735
https://notcve.org/view.php?id=CVE-2022-0735
28 Mar 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de la 12.10 anteriores a 14.6.5, todas las versiones a partir de la 14.7 anteriores a ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0735.json •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2021-39892
https://notcve.org/view.php?id=CVE-2021-39892
18 Jan 2022 — In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users. En todas las versiones de GitLab CE/EE desde la versión 12.0, un usuario con bajos privilegios puede importar usuarios de proyectos en los que no presenta rol de mantenedor y revelar las direcciones de correo electrónico de esos usuarios • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39892.json •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39942
https://notcve.org/view.php?id=CVE-2021-39942
18 Jan 2022 — A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to potentially cause denial of service. Una vulnerabilidad de denegación de servicio en GitLab CE/EE que afecta a todas las versiones a partir de la 12.0 anteriores a 14.3.6, a todas las versiones a partir de la 14.4 anteriore... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39942.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0090
https://notcve.org/view.php?id=CVE-2022-0090
18 Jan 2022 — An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in the UI. Se ha detectado un problema que afecta a versiones de GitLab anteriores a la 14.4.5, entre la 14.5.0 y la 14.5.3, y entre la 14.6.0 y la 14.6.1. GitLab está configurado de forma que no ignora las referencias... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0090.json • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0093
https://notcve.org/view.php?id=CVE-2022-0093
18 Jan 2022 — An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive information through RSS feeds. Se ha detectado un problema que afecta a versiones de GitLab anteriores a 14.4.5, entre 14.5.0 y 14.5.3, y entre 14.6.0 y 14.6.1. GitLab permite que un usuario con una contraseña caducada acceda a información confidencial mediante canales RSS • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0093.json •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0125
https://notcve.org/view.php?id=CVE-2022-0125
18 Jan 2022 — An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to import members from a target project. Se ha detectado un problema en GitLab que afecta a todas las versiones a partir de la 12.0 anteriores a 14.4.5, todas las versiones a partir de la 14.5.0 anteriores a 14.5.3, todas las versiones a par... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0125.json • CWE-862: Missing Authorization •
CVSS: 8.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0154
https://notcve.org/view.php?id=CVE-2022-0154
18 Jan 2022 — An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack that allows a malicious user to have their GitHub project imported on another GitLab user account. Se ha detectado un problema en GitLab que afecta a todas las versiones a partir de la 7.7 anteriores a 14.4.5, a todas las versiones a partir de la 14.5.0 ante... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0154.json • CWE-352: Cross-Site Request Forgery (CSRF) •