CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3486
https://notcve.org/view.php?id=CVE-2022-3486
09 Nov 2022 — An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. Una vulnerabilidad de redireccionamiento abierto en GitLab EE/CE que afecta a todas las versiones desde la 9.3 anterior a la 15.3.5, la 15.4 anterior a la 15.4.4 y la 15.5 anterior a la 15.5.2, permite a un atacante redirigir a los usuarios a una ubicación arbitraria si confían en l... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3486.json • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3706
https://notcve.org/view.php?id=CVE-2022-3706
09 Nov 2022 — Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that project. La autorización inadecuada en GitLab CE/EE que afecta a todas las versiones desde 7.14 anterior a 15.3.5, 15.4 anterior a 15.4.4 y 15.5 anterior a 15.5.2 permite a un usuario reintentar un trabajo en una c... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3706.json •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3726
https://notcve.org/view.php?id=CVE-2022-3726
09 Nov 2022 — Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account. La falta de espacio aislado de los documentos OpenAPI en GitLab CE/EE que afecta a todas las versiones desde 12.6 anterior a 15.3.5, 15.4 anterior a 15.4.4 y 15.5 anterior a 15.5.2 permite a un atacante engañar a un usuario pa... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3726.json •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3793
https://notcve.org/view.php?id=CVE-2022-3793
09 Nov 2022 — An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to. Un problema de autorización inadecuada en GitLab CE/EE que afecta a todas las versiones desde 14.4 anterior a 15.3.5, 15.4 anterior a 15.4.4 y 15.5 anterior a 15.5.2 permite a un atacante leer variables configuradas directamente en un archivo de configu... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3793.json •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3818
https://notcve.org/view.php?id=CVE-2022-3818
09 Nov 2022 — An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance. Un problema de consumo de recursos no controlado al analizar URL en GitLab CE/EE que afecta a todas las versiones anteriores a 15.3.5, 15.4 anterior a 15.4.4 y 15.5 anterior a 15.5.2 permite que un atacante cause problemas de rendimiento y p... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3818.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3819
https://notcve.org/view.php?id=CVE-2022-3819
09 Nov 2022 — An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to. Un problema de autorización inadecuada en GitLab CE/EE que afecta a todas las versiones desde 15.0 anterior a 15.3.5, 15.4 anterior a 15.4.4 y 15.5 anterior a 15.5.2 permite a usuarios malintencionados configurar emojis en notas internas a las que no tienen acceso. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3819.json • CWE-863: Incorrect Authorization •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2904
https://notcve.org/view.php?id=CVE-2022-2904
02 Nov 2022 — A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. Se descubrió un problema de Cross-Site Scripting (XSS) en GitLab CE/EE que afecta a todas las ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2904.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2826
https://notcve.org/view.php?id=CVE-2022-2826
28 Oct 2022 — An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO Se ha descubierto un problema en GitLab que afecta a todas las versiones desde 10.0 anteriores a 12.9.8, todas las versiones desde 12.10 anteriores a 12.10.7, todas las versiones desde 13.0 anteriores a 13.0.1. TODO • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2826.json •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2882
https://notcve.org/view.php?id=CVE-2022-2882
28 Oct 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 12.6 anteriores a 15.2.5, todas las versiones ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2882.json • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3018
https://notcve.org/view.php?id=CVE-2022-3018
28 Oct 2022 — An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. Una vulnerabilidad de divulgación de información en GitLab CE/EE que afecta a todas las versiones desde 9.3 anteriores a 15.2.5, todas las versiones desde 15.3 anteriores a 15.3.4, todas las versiones desde 15.4 anteri... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3018.json • CWE-532: Insertion of Sensitive Information into Log File •