CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3483
https://notcve.org/view.php?id=CVE-2022-3483
09 Nov 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 12.1 anteriores a 15.3.5, todas las versiones... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3483.json •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3285
https://notcve.org/view.php?id=CVE-2022-3285
09 Nov 2022 — Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab Omitir la lista de permitidos del endpoint de Healthcheck que afecta a todas las versiones desde 12.0 anterior a 15.2.5, 15.3 anterior a 15.3.4 y 15.4 anterior a 15.4.1 permite a un atacante no autorizado impedir el acceso a GitLab • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3285.json •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2904
https://notcve.org/view.php?id=CVE-2022-2904
02 Nov 2022 — A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. Se descubrió un problema de Cross-Site Scripting (XSS) en GitLab CE/EE que afecta a todas las ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2904.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2882
https://notcve.org/view.php?id=CVE-2022-2882
28 Oct 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 12.6 anteriores a 15.2.5, todas las versiones ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2882.json • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3018
https://notcve.org/view.php?id=CVE-2022-3018
28 Oct 2022 — An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. Una vulnerabilidad de divulgación de información en GitLab CE/EE que afecta a todas las versiones desde 9.3 anteriores a 15.2.5, todas las versiones desde 15.3 anteriores a 15.3.4, todas las versiones desde 15.4 anteri... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3018.json • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3639
https://notcve.org/view.php?id=CVE-2022-3639
21 Oct 2022 — A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage. Se ha detectado una potencial vulnerabilidad de DOS en GitLab CE/EE que afecta a todas las versiones desde la 10.8 anteriores a 15.1.6, a todas las versiones desde la 15.2 anteriores a 15.2.4, a todas las versiones desd... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3639.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3066
https://notcve.org/view.php?id=CVE-2022-3066
17 Oct 2022 — An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project. Se ha detectado un problema en GitLab afectando a todas las versiones a partir de 10.0 anteriores a 15.2.5, todas las versiones a partir de 15.3 anteriores a 15.3.4, todas las versiones a partir de 15.4 anteriores a 15.4.1. Era posible que un usuario... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3066.json •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3286
https://notcve.org/view.php?id=CVE-2022-3286
17 Oct 2022 — Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token Una falta de comprobación de la dirección IP en GitLab EE, afectando a todas las versiones desde la 14.2 anteriores a 15.2.5, la 15.3 anteriores a 15.3.4 y la 15.4 anteriores a 15.4.1, permite a un miembro del grupo omitir las restricciones de IP cuando usa un token de despliegue • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3286.json •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3351
https://notcve.org/view.php?id=CVE-2022-3351
17 Oct 2022 — An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks. Se ha detectado un problema en GitLab EE afectando a todas las versiones a partir de 13.7 anteriores a 15.2.5, a todas las versiones a partir de 15.3 anteriores a 15.3.4, a todas las versiones a partir de 15.4 anteriores a 15.... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3351.json •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2428
https://notcve.org/view.php?id=CVE-2022-2428
17 Oct 2022 — A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests Una etiqueta diseñada en Jupyter Notebook viewer in GitLab EE/CE que afectando a todas las versiones anteriores a 15.1.6, 15.2 a 15.2.4, y 15.3 a 15.3.2 permite a un atacante emitir peticiones HTTP arbitrarias • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2428.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •