CVE-2022-2907
https://notcve.org/view.php?id=CVE-2022-2907
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read repository content by an unauthorised user if a project member used a crafted link. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2907.json https://gitlab.com/gitlab-org/gitlab/-/issues/349388 https://hackerone.com/reports/1417680 •
CVE-2022-3573
https://notcve.org/view.php?id=CVE-2022-3573
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3573.json https://gitlab.com/gitlab-org/gitlab/-/issues/378216 https://hackerone.com/reports/1730461 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-4342
https://notcve.org/view.php?id=CVE-2022-4342
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 15.1 anteriores a 15.5.7, todas las versiones desde 15.6 anteriores a 15.6.4, todas las versiones desde 15.7 anteriores a 15.7.2. Un mantenedor malicioso puede filtrar secretos de webhooks enmascarados cambiando la URL de destino del webhook. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4342.json https://gitlab.com/gitlab-org/gitlab/-/issues/385118 https://hackerone.com/reports/1791331 •
CVE-2022-3514
https://notcve.org/view.php?id=CVE-2022-3514
An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 6.6 anteriores a 15.5.7, todas las versiones desde 15.6 anteriores a 15.6.4, todas las versiones desde 15.7 anteriores a 15.7.2. Un atacante puede provocar una denegación de servicio en una instancia de GitLab explotando un problema de expresiones regulares en el analizador de URL del submódulo. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3514.json https://gitlab.com/gitlab-org/gitlab/-/issues/377978 https://hackerone.com/reports/1727201 • CWE-1333: Inefficient Regular Expression Complexity •
CVE-2022-4131
https://notcve.org/view.php?id=CVE-2022-4131
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 10.8 anteriores a 15.5.7, todas las versiones desde 15.6 anteriores a 15.6.4, todas las versiones desde 15.7 anteriores a 15.7.2. Un atacante puede provocar una denegación de servicio en una instancia de GitLab explotando un problema de expresiones regulares en la forma en que la aplicación analiza los agentes de usuario. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4131.json https://gitlab.com/gitlab-org/gitlab/-/issues/383598 https://hackerone.com/reports/1772063 • CWE-1333: Inefficient Regular Expression Complexity •