CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1105
https://notcve.org/view.php?id=CVE-2022-1105
04 Apr 2022 — An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled Una vulnerabilidad de control de acceso inapropiado en GitLab CE/EE afectando a todas las versiones desde 13.11 hasta 14.7.7, 14.8 hasta 14.8.5 y 14.9 hasta 14.9.2, permite que un usuario no autorizado acceda a los análisis de canalizaciones incluso cuando las... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1105.json •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1099
https://notcve.org/view.php?id=CVE-2022-1099
04 Apr 2022 — Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab La adición de un número muy grande de etiquetas a un corredor en GitLab CE/EE afectando a todas las versiones anteriores a 14.7.7, 14.8 anteriores a 14.8.5 y 14.9 anteriores a 14.9.2 permite a un atacante afectar al rendimiento de GitLab • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1099.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1100
https://notcve.org/view.php?id=CVE-2022-1100
04 Apr 2022 — A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage. Se ha detectado una posible vulnerabilidad de DOS en GitLab CE/EE afectando a todas las versiones desde 13.1 anteriores a 14.7.7, 14.8.0 anteriores a 14.8.5 y 14.9.0 anter... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1100.json • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1189
https://notcve.org/view.php?id=CVE-2022-1189
04 Apr 2022 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the the approval rules of a private project. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones a partir de la 12.2 anteriores a 14.7.7, a todas las versiones a partir de la 14.8 anteriores a 14.8.5, a todas las versiones a partir de la 14.9 ante... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1189.json •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0740
https://notcve.org/view.php?id=CVE-2022-0740
04 Apr 2022 — Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches. Una autorización incorrecta en la funcionalidad integration's branch restriction de Asana en todas las versiones de GitLab CE/EE a partir de la versión 7.8.0 antes de la 14.7.7, todas las versiones a... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0740.json • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0741
https://notcve.org/view.php?id=CVE-2022-0741
01 Apr 2022 — Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses. Una comprobación de entrada inapropiada en todas las versiones de GitLab CE/EE usando sendmail para enviar correos electrónicos permitía a un atacante robar variables de entorno por medio de direcciones de correo electrónico especialmente diseñadas • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0741.json • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0425
https://notcve.org/view.php?id=CVE-2022-0425
01 Apr 2022 — A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks. Una vulnerabilidad de reenganche de DNS en la integración de Irker IRC Gateway en todas las versiones de GitLab CE/EE desde la versión 7.9, permite a un atacante desencadenar ataques de tipo Server Side Request Forgery (SSRF) • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0425.json • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39908
https://notcve.org/view.php?id=CVE-2021-39908
01 Apr 2022 — In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI. En todas las versiones de GitLab CE/EE a partir de la 0.8.0 antes de la 14.2.6, en todas las versiones a partir de la 14.3 antes de la 14.3.4, y en todas las versiones a partir de la 14.4 antes de la 14.... • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39908.json • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-0373
https://notcve.org/view.php?id=CVE-2022-0373
01 Apr 2022 — Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address Un control de acceso inapropiado en GitLab CE/EE versiones 12.4 a 14.5.4, 14.5 a 14.6.4 y 12.6 a 14.7.1, permite que personas que no son miembros del proyecto recuperen la dirección de correo electrónico del servicio de asistencia técnica • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0373.json •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0390
https://notcve.org/view.php?id=CVE-2022-0390
01 Apr 2022 — Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. Un control de acceso inapropiado en Gitlab CE/EE versiones 12.7 a 14.5.4, 14.6 a 14.6.4 y 14.7 a 14.7.1, permitía a personas que no eran miembros del proyecto recuperar los detalles de las incidencias cuando estaban vinculadas a un elemento del panel de control de vulnerabilidades • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0390.json • CWE-862: Missing Authorization •