CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1148
https://notcve.org/view.php?id=CVE-2022-1148
04 Apr 2022 — Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the victim's other private websites Una autorización inapropiada en GitLab Pages incluida en GitLab CE/EE afectando a todas las versiones desde la 11.5 anteriores a 14.7.7, 14.8 anteriores a 14.8.5 y 14.9 anteriores a 1... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1148.json • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1121
https://notcve.org/view.php?id=CVE-2022-1121
04 Apr 2022 — A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption. Una falta de tiempos de espera apropiados en GitLab Pages incluidos en GitLab CE/EE todas las versiones anteriores a 14.7.7, 14.8 anteriores a 14.8.5 y 14.9 anteriores a 14.9.2, permite a un atacante causar un consumo no limitado de recursos • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1121.json • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1111
https://notcve.org/view.php?id=CVE-2022-1111
04 Apr 2022 — A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages Un error de lógica empresarial en la Importación de Proyectos en GitLab CE/EE versiones 14.9 anteriores a 14.9.2, 14.8 anteriores a 14.8.5 y 14.0 anteriores a 14.7.7 causaba, en determinadas condiciones, que los proyectos importados mostr... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1111.json •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1185
https://notcve.org/view.php?id=CVE-2022-1185
04 Apr 2022 — A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file Una vulnerabilidad de denegación de servicio cuando son renderizados archivos RDoc en GitLab CE/EE versiones 10 a 14.7.7, 14.8.0 a 14.8.5 y 14.9.0 a 14.9.2, permite a un atacante bloquear la aplicación web de GitLab con un archivo RDoc maliciosamente diseñado • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1185.json • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1120
https://notcve.org/view.php?id=CVE-2022-1120
04 Apr 2022 — Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration. Una falta de filtrado en un mensaje de error en GitLab CE/EE afectando a todas las versiones anteriores a 14.7.7, 14.8 anteriores a 14.8.5 y 14.9 anteriores a 14.9.2, expone información confidencial cuando falla una directiva de inclusión en la configuración de CI/CD • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1120.json • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1174
https://notcve.org/view.php?id=CVE-2022-1174
04 Apr 2022 — A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a special crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, etc. Se ha detectado una potencial vulnerabilidad DoS en Gitlab CE/EE versiones 13.7 anteriores a 14.7.7, todas las versiones a partir de 14.8 anteriores a 14.8.5, todas las versiones a pa... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1174.json • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1188
https://notcve.org/view.php?id=CVE-2022-1188
04 Apr 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de la 12.1 anteriores a 14.7.7, a todas las versiones a partir de la 14.8 anteriores a 14.8.5, a todas las versiones a partir de la 14.9 anteriores a 1... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1188.json • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1105
https://notcve.org/view.php?id=CVE-2022-1105
04 Apr 2022 — An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled Una vulnerabilidad de control de acceso inapropiado en GitLab CE/EE afectando a todas las versiones desde 13.11 hasta 14.7.7, 14.8 hasta 14.8.5 y 14.9 hasta 14.9.2, permite que un usuario no autorizado acceda a los análisis de canalizaciones incluso cuando las... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1105.json •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1099
https://notcve.org/view.php?id=CVE-2022-1099
04 Apr 2022 — Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab La adición de un número muy grande de etiquetas a un corredor en GitLab CE/EE afectando a todas las versiones anteriores a 14.7.7, 14.8 anteriores a 14.8.5 y 14.9 anteriores a 14.9.2 permite a un atacante afectar al rendimiento de GitLab • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1099.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1100
https://notcve.org/view.php?id=CVE-2022-1100
04 Apr 2022 — A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage. Se ha detectado una posible vulnerabilidad de DOS en GitLab CE/EE afectando a todas las versiones desde 13.1 anteriores a 14.7.7, 14.8.0 anteriores a 14.8.5 y 14.9.0 anter... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1100.json • CWE-772: Missing Release of Resource after Effective Lifetime •