2484 matches found
CVE-2022-47417
CVE-2022-47417 affects LogicalDOC Enterprise and Community Edition (CE). The issue is a stored (persistent) cross-site scripting (XSS) vulnerability in the document file name. The provided documents specify the vulnerability type and affected product, but do not include concrete exploit details, ...
CVE-2022-47415
Technical details about CVE-2022-47415 are not publicly available in the provided Connected documents. Monitor official advisories and CVE listings for affected products, impact, and available patches.
CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...
CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...
Server side request forgery (ssrf)
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...
CVE-2022-4201
GitLab CE/EE contains a blind SSRF (CVE-2022-4201) affecting 11.3–11.?. versions prior to 15.4.6, 15.4.x prior to 15.5.5, and 15.6.x prior to 15.6.1. The issue allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. Root cause/impact are stated as blind SSRF w...
CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...
CVE-2022-4201
Removed by vendor...
CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...
CVE-2022-3572
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed...
CVE-2022-3482
An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only...
Cross site scripting
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed...
CVE-2022-3740
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...
Improper access control
An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only...
Authorization
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...
CVE-2022-3572
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed...
CVE-2022-3740
GitLab CE/EE prior to 15.3.5, 15.4 before 15.4.4, and 15.5 before 15.5.2 are affected. The issue lets a group owner bypass the External Authorization check when enabled, by using Deploy tokens or Deploy keys to access git repositories and package registries. Root cause is an authorization flaw in...
CVE-2022-3572
CVE-2022-3572 describes a cross-site scripting vulnerability in GitLab CE/EE. The issue affects GitLab versions 13.5 through 15.3.5, 15.4 through 15.4.4, and 15.5 through 15.5.2, and arises from how the Jira Connect integration is configured, enabling a reflected XSS that can perform arbitrary ac...
CVE-2022-3482
An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only...
CVE-2022-3740
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...