13 matches found

RedhatCVE
added 2026/01/09 10:44 a.m. · 6 views

CVE-2022-0167

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making i...

CVSS 6.1 · AI score 6 · EPSS 0.00203
Exploits: 1 · References: 1
Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-0123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL...

CVSS 6.8 · AI score 6.4 · EPSS 0.00083
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/22 11:25 p.m. · 4 views

CVE-2022-0090

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in...

CVSS 6.5 · AI score 6.4 · EPSS 0.00271
Exploits: 0 · References: 1
OSV
added 2024/03/06 11:17 a.m. · 14 views

BIT-GITLAB-2021-39927

Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443...

CVSS 4.3 · AI score 4.6 · EPSS 0.00143
Exploits: 0 · References: 3
Prion
added 2023/04/23 8:15 p.m. · 16 views

Code injection

EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...

CVSS 5 · AI score 7.5 · EPSS 0.0014
Exploits: 0 · References: 5 · Affected Software: 1
CNNVD
added 2023/04/23 12:0 a.m. · 1 view

EnterpriseDB EDB Postgres Advanced Server Security Vulnerability

EnterpriseDB EDB Postgres Advanced Server is the core database product for EDB from EnterpriseDB, Inc. A security vulnerability exists in EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 14.6.0, which stems from an unedited password being logged when the optional parameter is used...

CVSS 7.5 · AI score 7.3 · EPSS 0.0014
Exploits: 0 · References: 6
Positive Technologies
added 2022/07/01 12:0 a.m. · 2 views

PT-2022-13006 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 14.0 through 14.4.5 GitLab versions 14.5.0 through 14.5.3 GitLab versions 14.6.0 through 14.6.2 Description: An issue has been discovered in GitLab where the Autocomplete attribute of fields related to sensitive information wa...

CVSS 6.1 · AI score 5.8 · EPSS 0.00203
Exploits: 1 · References: 7
Prion
added 2022/04/25 5:15 p.m. · 12 views

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries...

CVSS 4 · AI score 5.1 · EPSS 0.00187
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2022/04/25 12:0 a.m. · 2 views

PT-2022-13202 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 11.9 through 14.5.3 GitLab versions 14.6.0 through 14.6.3 GitLab versions 14.7.0 Description: An issue has been discovered in GitLab where it was not correctly handling bulk requests to delete existing packages from the packag...

CVSS 4.9 · AI score 4.7 · EPSS 0.00187
Exploits: 0 · References: 6
Cvelist
added 2022/01/18 4:52 p.m. · 13 views

CVE-2022-0124

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack...

CVSS 4.3 · AI score 5.1 · EPSS 0.00269
Exploits: 0 · References: 3
Positive Technologies
added 2022/01/18 12:0 a.m. · 1 view

PT-2022-12979 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.0 through 14.4.5 GitLab versions 14.5.0 through 14.5.3 GitLab versions 14.6.0 through 14.6.2 Description: An issue has been discovered in GitLab where it was not verifying that a maintainer of a project had the right access...

CVSS 4.3 · AI score 4.2 · EPSS 0.00281
Exploits: 0 · References: 11
Positive Technologies
added 2022/01/18 12:0 a.m. · 2 views

PT-2022-12999 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 7.7 through 14.4.4 GitLab versions 14.5.0 through 14.5.2 GitLab versions 14.6.0 through 14.6.1 Description: The issue allows a malicious user to perform a Cross-Site Request Forgery attack, enabling them to import their GitHub...

CVSS 8 · AI score 7.6 · EPSS 0.00134
Exploits: 0 · References: 10
Positive Technologies
added 2022/01/18 12:0 a.m. · 2 views

PT-2022-11089 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.4 through 14.4.4 GitLab CE/EE versions 14.5.0 through 14.5.2 GitLab CE/EE versions 14.6.0 through 14.6.1 Description: The issue concerns a server-side request forgery protection failure in GitLab CE/EE. This failure...

CVSS 4.3 · AI score 4.2 · EPSS 0.00143
Exploits: 0 · References: 10