CVE-2022-4037
https://notcve.org/view.php?id=CVE-2022-4037
12 Jan 2023 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4037.json • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-3613
https://notcve.org/view.php?id=CVE-2022-3613
12 Jan 2023 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3613.json
CVE-2022-3514
https://notcve.org/view.php?id=CVE-2022-3514
12 Jan 2023 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3514.json • CWE-1333: Inefficient Regular Expression Complexity
CVE-2022-3706
https://notcve.org/view.php?id=CVE-2022-3706
09 Nov 2022 — Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that project. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3706.json
CVE-2022-3818
https://notcve.org/view.php?id=CVE-2022-3818
09 Nov 2022 — An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3818.json • CWE-400: Uncontrolled Resource Consumption
CVE-2022-3265
https://notcve.org/view.php?id=CVE-2022-3265
09 Nov 2022 — A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3265.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-3018
https://notcve.org/view.php?id=CVE-2022-3018
28 Oct 2022 — An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3018.json • CWE-532: Insertion of Sensitive Information into Log File
CVE-2022-3030
https://notcve.org/view.php?id=CVE-2022-3030
17 Oct 2022 — An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3030.json
CVE-2022-3031
https://notcve.org/view.php?id=CVE-2022-3031
17 Oct 2022 — An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3031.json
CVE-2022-2865
https://notcve.org/view.php?id=CVE-2022-2865
17 Oct 2022 — A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2865.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')