CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2592
https://notcve.org/view.php?id=CVE-2022-2592
17 Oct 2022 — A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service. Una falta de comprobación de la longitud en las descripciones de Snippet en GitLab CE/EE afectando a todas las versiones anteriores a 15.1.6, 15.2 anteriores ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3060
https://notcve.org/view.php?id=CVE-2022-3060
17 Oct 2022 — Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests Un control inapropiado de un identificador de recurso en el seguimiento de errores en GitLab CE/EE, afectando a todas las versiones a partir de 12.7, permite que un atacante autenticado genere contenido que podría causar que una víctima realice peticiones arbitrarias no deseadas • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3060.json • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2931
https://notcve.org/view.php?id=CVE-2022-2931
17 Oct 2022 — A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage. Se ha detectado una posible vulnerabilidad de DOS en GitLab CE/EE afectando todas las versiones anteriores a 15.1.6, todas las versiones a partir de 15.2 anteriores a 15.2.4 y a todas las versiones a partir de 15.3 anterio... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2931.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3288
https://notcve.org/view.php?id=CVE-2022-3288
17 Oct 2022 — A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected. Una confusión de nombre de rama/etiqueta en GitLab CE/EE afectando a todas las versiones anteriores a 15.2.5, a la 15.3 anteriores a 15.3.4 y a la 15.4 anteriores a 15.4.1 permite a un atacante manipular páginas donde era esperado el contenido de la rama por defecto • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3288.json •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-3283
https://notcve.org/view.php?id=CVE-2022-3283
17 Oct 2022 — A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used to trigger high CPU usage. Se ha detectado una potencial vulnerabilidad de DOS en GitLab CE/EE afectando a todas las versiones anteriores a 15.2.5, a todas las versiones a partir de 15.3 anteriores a 15.3.4, a todas... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3283.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2459
https://notcve.org/view.php?id=CVE-2022-2459
05 Aug 2022 — An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled. Se ha detectado un problema en GitLab EE afectando a todas las versiones anteriores a la 15.0.5, a todas las ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2459.json • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2500
https://notcve.org/view.php?id=CVE-2022-2500
05 Aug 2022 — A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side. Se ha detectado un problema de tipo cross-site scripting en GitLab CE/EE afectando a todas las versiones anteriores a 15.0.5, a 15.1 anterior a 15.1.4 y 15.2 anteriores a 15.2.1. Un fallo de tipo XSS almacenado en los mensajes de error de... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2500.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2303
https://notcve.org/view.php?id=CVE-2022-2303
05 Aug 2022 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones anteriores a la 15.0.5, a todas las versiones a partir de 15.1 anteriores... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2303.json • CWE-287: Improper Authentication •
CVSS: 9.4EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2326
https://notcve.org/view.php?id=CVE-2022-2326
05 Aug 2022 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using other user's email address as an unverified secondary email. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones anteriores a la 15.0.5, a todas las versiones a partir de 15.1 anteriores a 15.1.4 y a todas las versiones a p... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2326.json • CWE-863: Incorrect Authorization •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2456
https://notcve.org/view.php?id=CVE-2022-2456
05 Aug 2022 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request. Se ha detectado un problema en GitLab CE/EE afectando a todas las versiones anteriores a la 15.0.5, a todas las versiones a partir de 15.1 anteriores a 15.1.4 y a todas las vers... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2456.json •