CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2307
https://notcve.org/view.php?id=CVE-2022-2307
05 Aug 2022 — A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited. Una falta de borrado en cascada en GitLab CE/EE afectando a todas las versiones a partir de 13.0 anteriores a 15.0.5, a todas las versiones a partir de 15.1 anteriore... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2307.json • CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2498
https://notcve.org/view.php?id=CVE-2022-2498
05 Aug 2022 — An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author. Un problema en las suscripciones a pipelines en GitLab EE afectando a todas las versiones desde la 12.8 anteriores a 15.0.5, la 15.1 anteriores a 15.1.4 y la 15.2 anteriores a 15.2.1, desencadena nuevos pipelines con la persona que creó la etiqu... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2498.json • CWE-269: Improper Privilege Management •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2456
https://notcve.org/view.php?id=CVE-2022-2456
05 Aug 2022 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones anteriores a la 15.0.5, a todas las versiones a partir de 15.1 anteriores a 15.1.4 y a todas las vers... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2456.json •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2417
https://notcve.org/view.php?id=CVE-2022-2417
05 Aug 2022 — Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project. Una comprobación insuficiente en GitLab CE/EE afectando a todas las versiones a partir de 12.10 anteriores a 15.0.5, la 15.1 anteriores a... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2417.json • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2497
https://notcve.org/view.php?id=CVE-2022-2497
05 Aug 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones a partir de la 12.6 antes de la 15.0.5, todas las versiones... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2497.json •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2531
https://notcve.org/view.php?id=CVE-2022-2531
05 Aug 2022 — An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability. Se ha detectado un problema en GitLab EE afectando a todas las versiones a partir de 12.5 anteriores a 15.0.5, todas las versiones a partir... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2531.json • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1954
https://notcve.org/view.php?id=CVE-2022-1954
01 Jul 2022 — A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers Una vulnerabilidad de Denegación de Servicio por Expresiones Regulares en GitLab CE/EE que afecta a todas las versiones desde la 1.0.2 anteriores a 14.10.5, la 15.0 anteriores a 15.0.4 y la 15.1 anteriores a 15.1.1, permite a un atacant... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1954.json • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2270
https://notcve.org/view.php?id=CVE-2022-2270
01 Jul 2022 — An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification. Se ha detectado un problema en GitLab afectando a todas las versiones a partir de la 12.4 anteriores a 14.10.5, todas las versiones a partir de la 15.0 anteriores a 15.0.4, todas las versiones a partir de la 15.1 anteriores a 15.1.1. GitL... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2270.json • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2228
https://notcve.org/view.php?id=CVE-2022-2228
01 Jul 2022 — Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range Una exposición de información en GitLab EE afectando a todas las versiones desde la 12.0 anteriores a 14.10.5, la 15.0 anteriores a 15.0.4 y la 15.1 anteriores a 15.1.1 permite a un... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2228.json •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1999
https://notcve.org/view.php?id=CVE-2022-1999
01 Jul 2022 — An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones desde la 8.13 anteriores a 14.10.5, la 15.0 anteriores a 15.0.4 y la 15.1 anteriores a 15.1.1. Bajo determinadas condiciones, usando la API REST un usuario no privilegiado podía cambiar l... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1999.json •