
2484 matches found

CVE
added 2022/08/05 3:11 p.m. | 86 views

CVE-2022-2303

GitLab CE/EE CVE-2022-2303 affects all versions before 15.0.5, all 15.1 releases before 15.1.4, and all 15.2 releases before 15.2.1. Root cause: bypass of group-level 2FA by obtaining an access token via the Resource Owner Password Credentials grant. Impact: potential unauthorized access without ...

4.3 CVSS | 4.5 AI score | 0.00624 EPSS
Exploits 0 | References 3 | Affected Software 1

OSV
added 2022/08/05 3:11 p.m. | 15 views

CVE-2022-2303

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Passwo...

4.3 CVSS | 6.4 AI score | 0.00624 EPSS
Exploits 0 | References 5

Debian CVE
added 2022/08/05 3:11 p.m. | 39 views

CVE-2022-2303

Removed by vendor...

4.3 CVSS | 5.8 AI score | 0.00624 EPSS
Exploits 0

OSV
added 2022/08/05 3:11 p.m. | 19 views

CVE-2022-2326

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using other user's email address as an...

6.4 CVSS | 7.9 AI score | 0.00681 EPSS
Exploits 0 | References 5

CVE
added 2022/08/05 3:11 p.m. | 100 views

CVE-2022-2326

Technical details beyond the basic description are not publicly provided in the supplied documents. Monitor for updates.

8.1 CVSS | 7.7 AI score | 0.00681 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2022/08/05 3:11 p.m. | 18 views

CVE-2022-2307

A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted,...

3.5 CVSS | 4.5 AI score | 0.00458 EPSS
Exploits 0 | References 2

CVE
added 2022/08/05 3:11 p.m. | 2145 views

CVE-2022-2307

CVE-2022-2307 affects GitLab CE/EE: a lack of cascading deletes in GitLab versions 13.0–15.0.4, 15.1.0–15.1.3, and 15.2.0–15.2.0 allows a Group Owner to retain a usable Group Access Token after the Group is deleted, though the APIs available to that token are limited. The vulnerability impact and...

3.8 CVSS | 4 AI score | 0.00458 EPSS
Exploits 0 | References 2 | Affected Software 1

CVE
added 2022/08/05 3:10 p.m. | 107 views

CVE-2022-2456

The CVE-2022-2456 entry describes a vulnerability in GitLab CE/EE affecting all versions before 15.0.5, and certain updates before 15.1.4 and 15.2.1. The issue allows malicious group or project maintainers to change the visibility of their group or project by crafting a malicious POST request. Th...

4.9 CVSS | 3.7 AI score | 0.00765 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2022/08/05 3:10 p.m. | 21 views

CVE-2022-2456

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility ...

4.9 CVSS | 5.5 AI score | 0.00765 EPSS
Exploits 0 | References 3

Debian CVE
added 2022/08/05 3:10 p.m. | 32 views

CVE-2022-2456

Removed by vendor...

4.9 CVSS | 5.8 AI score | 0.00765 EPSS
Exploits 0

CVE
added 2022/08/05 3:10 p.m. | 98 views

CVE-2022-2417

GitLab CVE-2022-2417 affects GitLab CE/EE; root cause is insufficient validation during project import, enabling an authenticated user to import a project with branch names that are 40 hexadecimal characters, which could enable supply-chain attacks by pinning to a specific commit. Affected versio...

6.2 CVSS | 4.5 AI score | 0.00614 EPSS
Exploits 0 | References 2 | Affected Software 1

OSV
added 2022/08/05 3:10 p.m. | 19 views

CVE-2022-2417

Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply...

6.2 CVSS | 4.2 AI score | 0.00614 EPSS
Exploits 0 | References 4

Debian CVE
added 2022/08/05 3:10 p.m. | 23 views

CVE-2022-2417

Removed by vendor...

6.2 CVSS | 6.1 AI score | 0.00614 EPSS
Exploits 0

CVE
added 2022/08/05 3:9 p.m. | 129 views

CVE-2022-2539

CVE-2022-2539 affects GitLab CE/EE. Versions affected are 14.6+ up to 15.0.5, 15.1 up to 15.1.4, and 15.2 up to 15.2.1. The issue enables a project member to filter issues by contact and organization, indicating an improper access/permission condition within GitLab’s issue filtering feature. The ...

5.3 CVSS | 5.1 AI score | 0.00613 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2022/08/05 3:9 p.m. | 25 views

CVE-2022-2539

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization...

5.3 CVSS | 5.5 AI score | 0.00613 EPSS
Exploits 0 | References 2

OSV
added 2022/08/05 3:9 p.m. | 18 views

CVE-2022-2539

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization...

5.3 CVSS | 4.9 AI score | 0.00613 EPSS
Exploits 0 | References 4

Debian CVE
added 2022/08/05 3:9 p.m. | 27 views

CVE-2022-2539

Removed by vendor...

5.3 CVSS | 6 AI score | 0.00613 EPSS
Exploits 0

Cvelist
added 2022/08/05 3:9 p.m. | 24 views

CVE-2022-2512

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project member...

6.5 CVSS | 6.6 AI score | 0.00744 EPSS
Exploits 0 | References 2

CVE
added 2022/08/05 3:9 p.m. | 96 views

CVE-2022-2512

CVE-2022-2512 affects GitLab CE/EE: 15.0 up to before 15.0.5, 15.1 up to before 15.1.4, and 15.2 up to before 15.2.1. The issue is that membership changes are not reflected in TODOs for confidential notes, allowing former project members to read updates via TODOs. Impact is described as high conf...

6.5 CVSS | 6.2 AI score | 0.00744 EPSS
Exploits 0 | References 2 | Affected Software 1

Debian CVE
added 2022/08/05 3:9 p.m. | 41 views

CVE-2022-2512

Removed by vendor...

6.5 CVSS | 6.6 AI score | 0.00744 EPSS
Exploits 0