
2484 matches found

Cvelist
added 2022/10/17 12:0 a.m. · 36 views

CVE-2022-3279

An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs...

CVSS 2.7 · AI score 6.5 · EPSS 0.00946
Exploits 0 · References 3
Vulnrichment
added 2022/10/17 12:0 a.m. · 8 views

CVE-2022-2931

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage...

CVSS 7.5 · AI score 6.8 · EPSS 0.01062
Exploits 0 · References 3
Positive Technologies
added 2022/10/17 12:0 a.m. · 2 views

PT-2022-20228 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.4 through 15.2.5; GitLab CE/EE versions 15.3 through 15.3.4; GitLab CE/EE versions 15.4 through 15.4.1. Description: An issue in the Import functionality allows an authenticated user to read arbitrary projects' content...

CVSS 6.5 · AI score 6.2 · EPSS 0.00706
Exploits 0 · References 11
CVE
added 2022/10/17 12:0 a.m. · 115 views

CVE-2022-3060

CVE-2022-3060 concerns GitLab CE/EE with an improper control of a resource identifier in Error Tracking. Affected products include GitLab CE/EE versions from 12.7 onward. The root issue allows an authenticated attacker to generate content that could cause a victim to make unintended arbitrary req...

CVSS 7.3 · AI score 6.8 · EPSS 0.00895
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2022/10/17 12:0 a.m. · 8 views

CVE-2022-3283

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. While cloning an issue with specially crafted content added to the description could have been used ...

CVSS 7.5 · AI score 6.8 · EPSS 0.01349
Exploits 1 · References 3
CVE
added 2022/10/17 12:0 a.m. · 105 views

CVE-2022-3279

CVE-2022-3279: In GitLab CE/EE, an unhandled exception in job log parsing affects all versions prior to 15.2.5, 15.3 before 15.3.4, and 15.4 before 15.4.1, allowing an attacker to prevent access to job logs. The description does not provide a confirmed remediation or patch details. No connected ...

CVSS 6.5 · AI score 6.2 · EPSS 0.00946
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2022/10/17 12:0 a.m. · 40 views

CVE-2022-2884

A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...

CVSS 9.9 · AI score 9.8 · EPSS 0.75718
Exploits 4 · References 4
Cvelist
added 2022/10/17 12:0 a.m. · 22 views

CVE-2022-3325

Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allowed an unauthorised user to edit the approval rules via the API...

CVSS 2.7 · AI score 5.1 · EPSS 0.00421
Exploits 0 · References 2
Positive Technologies
added 2022/10/17 12:0 a.m. · 2 views

PT-2022-21470 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 15.2.5; GitLab CE/EE versions 15.3 prior to 15.3.4; GitLab CE/EE versions 15.4 prior to 15.4.1. Description: An unhandled exception in job log parsing allows an attacker to prevent access to job logs...

CVSS 6.5 · AI score 6.2 · EPSS 0.00946
Exploits 0 · References 11
CVE
added 2022/10/17 12:0 a.m. · 95 views

CVE-2022-3067

CVE-2022-3067 affects GitLab CE/EE via the Import functionality, allowing an authenticated user to read arbitrary project contents. The flaw exists in versions: 14.4 up to 15.2.4, 15.3 up to 15.3.3, and 15.4 up to 15.4.0. The underlying cause, as described in the sources, is not fully disclosed h...

CVSS 6.5 · AI score 6.3 · EPSS 0.00706
Exploits 0 · References 3 · Affected Software 1
CVE
added 2022/10/17 12:0 a.m. · 91 views

CVE-2022-3283

GitLab CE/EE vulnerability CVE-2022-3283 affects GitLab versions prior to 15.2.5, and specific ranges in later releases (before 15.3.4 and before 15.4.1). The root cause is a potential denial-of-service: when cloning an issue, a specially crafted description could trigger high CPU usage, potentia...

CVSS 7.5 · AI score 7.1 · EPSS 0.01349
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2022/10/17 12:0 a.m. · 34 views

CVE-2022-2428

A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests...

CVSS 6.4 · AI score 7.2 · EPSS 0.00754
Exploits 0 · References 3
Positive Technologies
added 2022/10/17 12:0 a.m. · 4 views

PT-2022-20060 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 15.1.6; GitLab CE/EE versions 15.2 through 15.2.3; GitLab CE/EE versions 15.3 through 15.3.1. Description: An issue has been discovered in GitLab CE/EE that may allow an attacker to guess a user's password by brute...

CVSS 7.5 · AI score 7.2 · EPSS 0.00505
Exploits 0 · References 12
CVE
added 2022/10/17 12:0 a.m. · 87 views

CVE-2022-3031

CVE-2022-3031 affects GitLab CE/EE, with affected versions: all versions before 15.1.6, all versions from 15.2 before 15.2.4, and all versions from 15.3 before 15.3.2. The issue may allow an attacker to brute-force a user’s password by sending crafted requests to a specific endpoint, even if 2FA ...

CVSS 7.5 · AI score 7.2 · EPSS 0.00505
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/10/17 12:0 a.m. · 31 views

CVE-2022-3283

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. While cloning an issue with specially crafted content added to the description could have been used ...

CVSS 7.5 · AI score 7.4 · EPSS 0.01349
Exploits 1 · References 3
Cvelist
added 2022/10/17 12:0 a.m. · 21 views

CVE-2022-2455

A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing ...

CVSS 6.5 · AI score 6.6 · EPSS 0.00996
Exploits 0 · References 3
CVE
added 2022/10/17 12:0 a.m. · 76 views

CVE-2022-2592

The CVE-2022-2592 issue concerns GitLab CE/EE where a lack of length validation in Snippet descriptions allows an authenticated attacker to create excessively long Snippets that, when requested with or without authentication, can load the server and cause a Denial of Service. Documents consistent...

CVSS 6.5 · AI score 6.3 · EPSS 0.01044
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2022/10/17 12:0 a.m. · 30 views

CVE-2022-3288

A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected...

CVSS 3.5 · AI score 4.9 · EPSS 0.00642
Exploits 0 · References 3
CVE
added 2022/10/17 12:0 a.m. · 101 views

CVE-2022-3288

GitLab CVE-2022-3288 affects GitLab CE/EE; a branch/tag name confusion allows manipulation of pages where the default-branch content is expected. Affected versions: <15.2.5, <15.3.4, and

CVSS 4.3 · AI score 4.5 · EPSS 0.00642
Exploits 0 · References 3 · Affected Software 1
Debian CVE
added 2022/10/17 12:0 a.m. · 51 views

CVE-2022-2908

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00876
Exploits 0