CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-4205
https://notcve.org/view.php?id=CVE-2022-4205
27 Jan 2023 — In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. En Gitlab EE/CE anterior a 15.6.1, 15.5.5 y 15.4.6, el uso de una rama con un nombre hexadecimal podía anular un hash existente. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4205.json • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-4037
https://notcve.org/view.php?id=CVE-2022-4037
12 Jan 2023 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones anteriores a 15.5.7, todas las versiones desde 15.6 anteriores a 15.6.4, todas las versiones desde 15.7 anteriores a 15.7.2. Una con... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4037.json • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3514
https://notcve.org/view.php?id=CVE-2022-3514
12 Jan 2023 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde 6.6 anteriores a 15.5.7, todas las versiones desde 15.6 anteriores a 15.6.4, todas las versiones desde 15.7 anteri... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3514.json • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3613
https://notcve.org/view.php?id=CVE-2022-3613
12 Jan 2023 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones anteriores a 15.5.7, todas las versiones desde 15.6 anteriores a 15.6.4, todas las versiones desde 15.7 anteriores a 15.7.2. Una consulta del servidor Prome... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3613.json •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3818
https://notcve.org/view.php?id=CVE-2022-3818
09 Nov 2022 — An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance. Un problema de consumo de recursos no controlado al analizar URL en GitLab CE/EE que afecta a todas las versiones anteriores a 15.3.5, 15.4 anterior a 15.4.4 y 15.5 anterior a 15.5.2 permite que un atacante cause problemas de rendimiento y p... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3818.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3265
https://notcve.org/view.php?id=CVE-2022-3265
09 Nov 2022 — A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. Se descubrió un problema de Cross-Site Scripting (XSS) en GitLab CE/EE que afecta a todas las versiones anteriores a 15.3.5, 15.4 anteriores a 15.4.4 y 15.5 ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3265.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2428
https://notcve.org/view.php?id=CVE-2022-2428
17 Oct 2022 — A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests Una etiqueta diseñada en Jupyter Notebook viewer in GitLab EE/CE que afectando a todas las versiones anteriores a 15.1.6, 15.2 a 15.2.4, y 15.3 a 15.3.2 permite a un atacante emitir peticiones HTTP arbitrarias • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2428.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3279
https://notcve.org/view.php?id=CVE-2022-3279
17 Oct 2022 — An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs Una excepción no manejada en el análisis del registro de trabajos en GitLab CE/EE afectando a todas las versiones anteriores a 15.2.5, a la 15.3 anteriores a 15.3.4 y a la 15.4 anteriores a 15.4.1 permite a un atacante impedir el acceso a los registros de trabajos • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3279.json • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3031
https://notcve.org/view.php?id=CVE-2022-3031
17 Oct 2022 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones anteriores a 15.1.6, a todas las versiones a partir de 15.2 anteriores a... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3031.json •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3030
https://notcve.org/view.php?id=CVE-2022-3030
17 Oct 2022 — An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users. Un problema de control de acceso inapropiado en GitLab CE/EE afectando a todas las versiones a partir de 15.1.6, a todas las versiones a partir de 15.2 anteriores a 15.2.4, a todas las versiones a partir de 15.3 anteriores a 15.3.2 permite revelar el estado de las tuberías a usuar... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3030.json •