CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0483
https://notcve.org/view.php?id=CVE-2023-0483
An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0483.json https://gitlab.com/gitlab-org/gitlab/-/issues/389188 https://hackerone.com/reports/1836466 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3381
https://notcve.org/view.php?id=CVE-2022-3381
An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3381.json https://gitlab.com/gitlab-org/gitlab/-/issues/376046 https://hackerone.com/reports/1711497 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-4138
https://notcve.org/view.php?id=CVE-2022-4138
A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4138.json https://gitlab.com/gitlab-org/gitlab/-/issues/383709 https://hackerone.com/reports/1778009 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3411
https://notcve.org/view.php?id=CVE-2022-3411
A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3411.json https://gitlab.com/gitlab-org/gitlab/-/issues/376247 https://hackerone.com/reports/1685995 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-4205
https://notcve.org/view.php?id=CVE-2022-4205
In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. En Gitlab EE/CE anterior a 15.6.1, 15.5.5 y 15.4.6, el uso de una rama con un nombre hexadecimal podía anular un hash existente. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4205.json https://gitlab.com/gitlab-org/gitlab/-/issues/374082 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •