CVE-2022-0152
An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones...
UBUNTU-CVE-2022-0172
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones...
UBUNTU-CVE-2022-0152
An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API...
CVE-2022-0152
The CVE-2022-0152 issue affects GitLab and is described as an unauthorized access vulnerability in the GraphQL API. Affected versions include all from 13.10 up to 14.4.5 (i.e., 13.10–14.4.4), all from 14.5.0 up to 14.5.3 (i.e., 14.5.0–14.5.2), and all from 14.6.0 up to 14.6.2 (i.e., 14.6.0–14.6.1...
CVE-2022-0152
An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API...
CVE-2022-0152
Removed by vendor...
CVE-2022-0152
An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API...
CVE-2022-0172
GitLab CVE-2022-0172 affects GitLab CE/EE versions starting with 12.3. Under certain conditions, an authenticated bypass was possible via GraphQL that allowed unauthenticated users to read titles of issues, merge requests, and milestones for public projects. The primary sources here are CVE-2022-...
CVE-2022-0172
Removed by vendor...
CVE-2022-0172
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones...
CVE-2022-0172
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones...
PT-2022-13008 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.3 and later. Description: An issue has been discovered in GitLab CE/EE, where under certain conditions, it was possible to bypass the IP restriction for public projects through GraphQL. This allowed unauthorized users ...
PT-2022-12997 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.10 through 14.4.4; GitLab versions 14.5.0 through 14.5.2; GitLab versions 14.6.0 through 14.6.1. Description: An issue has been discovered in GitLab, allowing unauthorized access to certain fields through the GraphQL API...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. Gitlab has a security vulnerability that stems from the software's lack of...
FreeBSD : Gitlab -- Multiple Vulnerabilities (43f84437-73ab-11ec-a587-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 43f84437-73ab-11ec-a587-001b217b3468 advisory. - Gitlab reports: Arbitrary file read via group import feature; Stored XSS in notes; Lack of sta...
Improper Authorization in saleor/saleor
Title: GraphQL traversal due to missing permission checks. Description: orders and customers fields allow to access each other via nodes edges. However, connections don't check user's permissions, which allows, for instance, a staff with just Customers permissions get full information about the orde...
Mercurius code issue vulnerability
Mercurius is a GraphQL adapter for Fastify. Mercurius 8.10.0 to 8.11.1 has a code issue vulnerability that could be exploited by an attacker to cause a denial of service attack...
CVE-2021-43801
Mercurius is a GraphQL adapter for Fastify. Any users from mercurius@8.10.0 to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...