CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2459
https://notcve.org/view.php?id=CVE-2022-2459
05 Aug 2022 — An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled. Se ha detectado un problema en GitLab EE afectando a todas las versiones anteriores a la 15.0.5, a todas las ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2459.json • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2500
https://notcve.org/view.php?id=CVE-2022-2500
05 Aug 2022 — A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side. Se ha detectado un problema de tipo cross-site scripting en GitLab CE/EE afectando a todas las versiones anteriores a 15.0.5, a 15.1 anterior a 15.1.4 y 15.2 anteriores a 15.2.1. Un fallo de tipo XSS almacenado en los mensajes de error de... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2500.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2501
https://notcve.org/view.php?id=CVE-2022-2501
05 Aug 2022 — An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required. Un problema de control de acceso inapropiado en GitLab EE afectando a todas las versiones desde la 12.0 anteriores a 15.0.5, la 15.1 anteriores a 15.1.4 y la 15.2 anteriores a 15.2.1 permite a un atacante omitir la l... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2501.json • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2534
https://notcve.org/view.php?id=CVE-2022-2534
05 Aug 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de 9.3 anteriores a 15.0.5, a todas las versiones a partir de 15.1 anteriores a 15.1.4 y a todas las versiones a partir de 15.2 anteri... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2534.json •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2303
https://notcve.org/view.php?id=CVE-2022-2303
05 Aug 2022 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones anteriores a la 15.0.5, a todas las versiones a partir de 15.1 anteriores... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2303.json • CWE-287: Improper Authentication •
CVSS: 9.4EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2326
https://notcve.org/view.php?id=CVE-2022-2326
05 Aug 2022 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using other user's email address as an unverified secondary email. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones anteriores a la 15.0.5, a todas las versiones a partir de 15.1 anteriores a 15.1.4 y a todas las versiones a p... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2326.json • CWE-863: Incorrect Authorization •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2307
https://notcve.org/view.php?id=CVE-2022-2307
05 Aug 2022 — A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited. Una falta de borrado en cascada en GitLab CE/EE afectando a todas las versiones a partir de 13.0 anteriores a 15.0.5, a todas las versiones a partir de 15.1 anteriore... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2307.json • CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2498
https://notcve.org/view.php?id=CVE-2022-2498
05 Aug 2022 — An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author. Un problema en las suscripciones a pipelines en GitLab EE afectando a todas las versiones desde la 12.8 anteriores a 15.0.5, la 15.1 anteriores a 15.1.4 y la 15.2 anteriores a 15.2.1, desencadena nuevos pipelines con la persona que creó la etiqu... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2498.json • CWE-269: Improper Privilege Management •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2456
https://notcve.org/view.php?id=CVE-2022-2456
05 Aug 2022 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones anteriores a la 15.0.5, a todas las versiones a partir de 15.1 anteriores a 15.1.4 y a todas las vers... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2456.json •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2417
https://notcve.org/view.php?id=CVE-2022-2417
05 Aug 2022 — Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project. Una comprobación insuficiente en GitLab CE/EE afectando a todas las versiones a partir de 12.10 anteriores a 15.0.5, la 15.1 anteriores a... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2417.json • CWE-20: Improper Input Validation •