CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-4205
https://notcve.org/view.php?id=CVE-2022-4205
In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. En Gitlab EE/CE anterior a 15.6.1, 15.5.5 y 15.4.6, el uso de una rama con un nombre hexadecimal podía anular un hash existente. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4205.json https://gitlab.com/gitlab-org/gitlab/-/issues/374082 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2022-4335
https://notcve.org/view.php?id=CVE-2022-4335
A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host. Se identificó una vulnerabilidad blind SSRF en todas las versiones de GitLab EE anteriores a 15.4.6, 15.5 anteriores a 15.5.5 y 15.6 anteriores a 15.6.1 que permite a un atacante conectarse a un host local. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4335.json https://gitlab.com/gitlab-org/gitlab/-/issues/353018 https://hackerone.com/reports/1462437 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-4255
https://notcve.org/view.php?id=CVE-2022-4255
An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload. Se identificó un problema de fuga de información en todas las versiones de GitLab EE desde la 13.7 anterior a la 15.4.6, la 15.5 anterior a la 15.5.5 y la 15.6 anterior a la 15.6.1 que expone la identificación del correo electrónico del usuario a través de el payload del webhook. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4255.json https://gitlab.com/gitlab-org/gitlab/-/issues/373819 •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2022-4201
https://notcve.org/view.php?id=CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. Un blind SSRF en GitLab CE/EE que afecta a todas las versiones 11.3 anteriores a 15.4.6, 15.5 anteriores a 15.5.5 y 15.6 anteriores a 15.6.1 permite a un atacante conectarse a direcciones locales al configurar un GitLab Runner malicioso. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4201.json https://gitlab.com/gitlab-org/gitlab/-/issues/30376 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 1CVE-2022-3902
https://notcve.org/view.php?id=CVE-2022-3902
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks. Se ha descubierto un problema en GitLab que afecta a todas las versiones desde 9.3 anteriores a 15.4.6, todas las versiones desde 15.5 anteriores a 15.5.5, todas las versiones desde 15.6 anteriores a 15.6.1. Un responsable del proyecto pudo desenmascarar los tokens secretos de los webhooks revisando los registros después de probar los webhooks. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3902.json https://gitlab.com/gitlab-org/gitlab/-/issues/381895 https://hackerone.com/reports/1757999 •