CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2022-4335
https://notcve.org/view.php?id=CVE-2022-4335
A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host. Se identificó una vulnerabilidad blind SSRF en todas las versiones de GitLab EE anteriores a 15.4.6, 15.5 anteriores a 15.5.5 y 15.6 anteriores a 15.6.1 que permite a un atacante conectarse a un host local. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4335.json https://gitlab.com/gitlab-org/gitlab/-/issues/353018 https://hackerone.com/reports/1462437 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-4255
https://notcve.org/view.php?id=CVE-2022-4255
An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload. Se identificó un problema de fuga de información en todas las versiones de GitLab EE desde la 13.7 anterior a la 15.4.6, la 15.5 anterior a la 15.5.5 y la 15.6 anterior a la 15.6.1 que expone la identificación del correo electrónico del usuario a través de el payload del webhook. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4255.json https://gitlab.com/gitlab-org/gitlab/-/issues/373819 •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2022-4201
https://notcve.org/view.php?id=CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. Un blind SSRF en GitLab CE/EE que afecta a todas las versiones 11.3 anteriores a 15.4.6, 15.5 anteriores a 15.5.5 y 15.6 anteriores a 15.6.1 permite a un atacante conectarse a direcciones locales al configurar un GitLab Runner malicioso. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4201.json https://gitlab.com/gitlab-org/gitlab/-/issues/30376 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-4092
https://notcve.org/view.php?id=CVE-2022-4092
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4092.json https://gitlab.com/gitlab-org/gitlab/-/issues/383208 https://hackerone.com/reports/1777934 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-3820
https://notcve.org/view.php?id=CVE-2022-3820
An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location. Se descubrió un problema en GitLab que afecta a todas las versiones desde la 15.4 anterior a la 15.4.4 y la 15.5 anterior a la 15.5.2. GitLab no estaba realizando la autenticación correcta con algunos registros de paquetes cuando se configuraron las restricciones de dirección IP, lo que permitió que un atacante que ya estuviera en posesión de un token de implementación válido lo usara indebidamente desde cualquier ubicación. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3820.json https://gitlab.com/gitlab-org/gitlab/-/issues/378638 •