CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2498
https://notcve.org/view.php?id=CVE-2022-2498
05 Aug 2022 — An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author. Un problema en las suscripciones a pipelines en GitLab EE afectando a todas las versiones desde la 12.8 anteriores a 15.0.5, la 15.1 anteriores a 15.1.4 y la 15.2 anteriores a 15.2.1, desencadena nuevos pipelines con la persona que creó la etiqu... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2498.json • CWE-269: Improper Privilege Management •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2456
https://notcve.org/view.php?id=CVE-2022-2456
05 Aug 2022 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones anteriores a la 15.0.5, a todas las versiones a partir de 15.1 anteriores a 15.1.4 y a todas las vers... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2456.json •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2417
https://notcve.org/view.php?id=CVE-2022-2417
05 Aug 2022 — Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project. Una comprobación insuficiente en GitLab CE/EE afectando a todas las versiones a partir de 12.10 anteriores a 15.0.5, la 15.1 anteriores a... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2417.json • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2499
https://notcve.org/view.php?id=CVE-2022-2499
05 Aug 2022 — An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues. Se ha detectado un problema en GitLab EE afectando a todas las versiones a partir de 13.10 anteriores a 15.0.5, a todas las versiones a partir de 15.1 anteriores a 15.1.4, a todas ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2499.json • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2497
https://notcve.org/view.php?id=CVE-2022-2497
05 Aug 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones a partir de la 12.6 antes de la 15.0.5, todas las versiones... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2497.json •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2531
https://notcve.org/view.php?id=CVE-2022-2531
05 Aug 2022 — An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability. Se ha detectado un problema en GitLab EE afectando a todas las versiones a partir de 12.5 anteriores a 15.0.5, todas las versiones a partir... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2531.json • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1954
https://notcve.org/view.php?id=CVE-2022-1954
01 Jul 2022 — A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers Una vulnerabilidad de Denegación de Servicio por Expresiones Regulares en GitLab CE/EE que afecta a todas las versiones desde la 1.0.2 anteriores a 14.10.5, la 15.0 anteriores a 15.0.4 y la 15.1 anteriores a 15.1.1, permite a un atacant... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1954.json • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1963
https://notcve.org/view.php?id=CVE-2022-1963
01 Jul 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de la 13.4 anteriores a 14.10.5, a todas las versiones a partir de la 15.0 anteriores a 15.0.4, a todas ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1963.json •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2270
https://notcve.org/view.php?id=CVE-2022-2270
01 Jul 2022 — An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification. Se ha detectado un problema en GitLab afectando a todas las versiones a partir de la 12.4 anteriores a 14.10.5, todas las versiones a partir de la 15.0 anteriores a 15.0.4, todas las versiones a partir de la 15.1 anteriores a 15.1.1. GitL... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2270.json • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2229
https://notcve.org/view.php?id=CVE-2022-2229
01 Jul 2022 — An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of. Un problema de autorización inapropiada en GitLab CE/EE afectando a todas las versiones desde la 13.7 anteriores a 14.10.5, la 15.0 anteriores a 15.0.4 y la 15.1 anteriores a 15.1.1 permite a un atacante extraer el va... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2229.json •