2484 matches found
CVE-2022-3514
An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the...
CVE-2022-3514
CVE-2022-3514 affects GitLab CE/EE, with vulnerable ranges: GitLab versions 6.6 through 15.5.6, 15.6.0 through 15.6.3, and 15.7.0 through 15.7.1. The issue stems from regex handling in the submodule URL parser, which can be exploited to cause a Denial of Service on a GitLab instance. The availa...
CVE-2023-0042
The CVE-2023-0042 issue affects GitLab CE/EE versions 11.4 through 15.5.7, 15.6 through 15.6.4, and 15.7 through 15.7.2. The vulnerability stems from GitLab Pages allowing redirection to arbitrary protocols, enabling potential abuse of page redirects. Patches are available: upgrade to 15.5.7 or l...
CVE-2023-0042
Removed by vendor...
CVE-2022-3613
Removed by vendor...
CVE-2022-3573
Removed by vendor...
CVE-2022-4365
Removed by vendor...
CVE-2022-4037
Removed by vendor...
CVE-2022-3613
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service...
CVE-2022-4342
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook...
CVE-2022-4131
GitLab CE/EE is affected by CVE-2022-4131 due to a regex parsing issue in user agents. Affected versions are: 10.8 up to 15.5.7, 15.6 up to 15.6.4, and 15.7 up to 15.7.2. The issue can cause a Denial of Service on a GitLab instance. Root cause: regex handling in user agent parsing. Remediation pe...
CVE-2022-3613
The CVE-2022-3613 entry affects GitLab CE/EE: affected versions are all before 15.5.7, 15.6 before 15.6.4, and 15.7 before 15.7.2. The root cause is a crafted Prometheus Server query that can cause high resource consumption, leading to a Denial of Service. The provided connected documents confirm...
CVE-2022-4342
CVE-2022-4342 affects GitLab CE/EE versions: 15.1–15.5.6 (up to 15.5.7 noted by some sources), 15.6.x prior to 15.6.4, and 15.7.x prior to 15.7.2. The issue allows a malicious Maintainer to leak masked webhook secrets by changing the webhook target URL. Public sources corroborate the basic descri...
CVE-2022-4365
GitLab CE/EE is affected by CVE-2022-4365 and CVE-2023-4378: a malicious Maintainer can leak the Sentry token by changing the URL in the Sentry error tracking settings. Affected are GitLab versions starting from 11.8 up to 15.5.7, 15.6 up to 15.6.4, and 15.7 up to 15.7.2. The issue stems from an ...
CVE-2022-3573
CVE-2022-3573 affects GitLab CE/EE versions from 15.4 before 15.5.7, from 15.6 before 15.6.4, and from 15.7 before 15.7.2. The issue stems from improper filtering of query parameters on the wiki changes page, allowing an attacker to execute arbitrary JavaScript on self-hosted instances that do not e...
CVE-2023-0042
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols...
CVE-2022-4037
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth...
CVE-2022-3573
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute...
CVE-2022-4365
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error...