CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3066
https://notcve.org/view.php?id=CVE-2022-3066
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project. Se ha detectado un problema en GitLab afectando a todas las versiones a partir de 10.0 anteriores a 15.2.5, todas las versiones a partir de 15.3 anteriores a 15.3.4, todas las versiones a partir de 15.4 anteriores a 15.4.1. Era posible que un usuario no autorizado creara problemas en un proyecto • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3066.json https://gitlab.com/gitlab-org/gitlab/-/issues/372149 https://hackerone.com/reports/1685105 •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2428
https://notcve.org/view.php?id=CVE-2022-2428
A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests Una etiqueta diseñada en Jupyter Notebook viewer in GitLab EE/CE que afectando a todas las versiones anteriores a 15.1.6, 15.2 a 15.2.4, y 15.3 a 15.3.2 permite a un atacante emitir peticiones HTTP arbitrarias • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2428.json https://gitlab.com/gitlab-org/gitlab/-/issues/362272 https://hackerone.com/reports/1563379 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2527
https://notcve.org/view.php?id=CVE-2022-2527
An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests. Se ha detectado un problema en las líneas de tiempo de incidentes en GitLab CE/EE afectando a todas las versiones a partir de 14.9 anteriores a 15.1.6, a todas las versiones a partir de 15.2 anteriores a 15.2.4, a todas las versiones a partir de 15.3 anteriores a 15.3.2.que permitía a un atacante autenticado inyectar contenido arbitrario. Una víctima que interactuara con este contenido podría conllevar a peticiones arbitrarias • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2527.json https://gitlab.com/gitlab-org/gitlab/-/issues/368676 https://hackerone.com/reports/1647446 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-2865
https://notcve.org/view.php?id=CVE-2022-2865
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. Se ha detectado un problema de tipo cross-site scripting en GitLab CE/EE afectando a todas las versiones anteriores a 15.1.6, 15.2 a 15.2.4 y 15.3 anteriores a 15.3.2. Era posible explotar una vulnerabilidad en la configuración de la función de color de las etiquetas que podía conllevar a un ataque de tipo XSS almacenado que permitía a atacantes llevar a cabo acciones arbitrarias en nombre de las víctimas en el lado del cliente • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2865.json https://gitlab.com/gitlab-org/gitlab/-/issues/370873 https://hackerone.com/reports/1665658 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3330
https://notcve.org/view.php?id=CVE-2022-3330
It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1. Era posible que un usuario invitado leyera una tarea dirigida a una nota inaccesible en Gitlab CE/EE, lo que afectaba a todas las versiones desde la 15.0 hasta la 15.2.5, la 15.3 hasta la 15.3.4 y la 15.4 hasta la 15.4.1 • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3330.json https://gitlab.com/gitlab-org/gitlab/-/issues/365827 •