CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2022-3482
https://notcve.org/view.php?id=CVE-2022-3482
An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3482.json https://gitlab.com/gitlab-org/gitlab/-/issues/377802 https://hackerone.com/reports/1725841 • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 1CVE-2022-3902
https://notcve.org/view.php?id=CVE-2022-3902
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks. Se ha descubierto un problema en GitLab que afecta a todas las versiones desde 9.3 anteriores a 15.4.6, todas las versiones desde 15.5 anteriores a 15.5.5, todas las versiones desde 15.6 anteriores a 15.6.1. Un responsable del proyecto pudo desenmascarar los tokens secretos de los webhooks revisando los registros después de probar los webhooks. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3902.json https://gitlab.com/gitlab-org/gitlab/-/issues/381895 https://hackerone.com/reports/1757999 •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-4092
https://notcve.org/view.php?id=CVE-2022-4092
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4092.json https://gitlab.com/gitlab-org/gitlab/-/issues/383208 https://hackerone.com/reports/1777934 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3740
https://notcve.org/view.php?id=CVE-2022-3740
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys . • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3740.json https://gitlab.com/gitlab-org/gitlab/-/issues/368416 https://hackerone.com/reports/1602904 •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2907
https://notcve.org/view.php?id=CVE-2022-2907
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read repository content by an unauthorised user if a project member used a crafted link. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2907.json https://gitlab.com/gitlab-org/gitlab/-/issues/349388 https://hackerone.com/reports/1417680 •