Lucene search

2484 matches found

OSV
added 2022/07/01 5:1 p.m. · 23 views

CVE-2022-1954

A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers...

CVSS 4.3 · AI score 4.9 · EPSS 0.00837
Exploits: 0 · References: 5

CVE
added 2022/07/01 5:0 p.m. · 92 views

CVE-2022-1963

CVE-2022-1963 affects GitLab CE/EE versions: 13.4–14.10.4, 15.0–15.0.3, and 15.1–15.1.0. The root cause is that GitLab may reveal whether a user has enabled two‑factor authentication in the HTML source to unauthenticated users. This is an information‑disclosure issue with potential privacy implic...

CVSS 5.3 · AI score 5.3 · EPSS 0.01117
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2022/07/01 4:30 p.m. · 28 views

CVE-2022-2229

An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of...

CVSS 7.5 · AI score 7.5 · EPSS 0.01064
Exploits: 0 · References: 3

Debian CVE
added 2022/07/01 4:30 p.m. · 30 views

CVE-2022-2229

Removed by vendor...

CVSS 7.5 · AI score 7.1 · EPSS 0.01064
Exploits: 0

OSV
added 2022/07/01 4:30 p.m. · 23 views

CVE-2022-2229

An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of...

CVSS 7.5 · AI score 7.2 · EPSS 0.01064
Exploits: 0 · References: 5

CVE
added 2022/07/01 4:30 p.m. · 113 views

CVE-2022-2229

CVE-2022-2229 concerns an improper authorization flaw in GitLab CE/EE. Affected versions are 13.7 <= version < 14.10.5, 15.0 <= version < 15.0.4, and 15.1 <= version

CVSS 7.5 · AI score 7.2 · EPSS 0.01064
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2022/07/01 4:15 p.m. · 23 views

CVE-2022-2230

A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf...

CVSS 8.1 · EPSS 0.5624
Exploits: 0 · References: 3

Prion
added 2022/07/01 4:15 p.m. · 14 views

Cross site scripting

A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf...

CVSS 3.5 · AI score 4.9 · EPSS 0.5624
Exploits: 0 · References: 3 · Affected Software: 1

Prion
added 2022/07/01 4:15 p.m. · 21 views

Improper access control

Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions...

CVSS 3.5 · AI score 4.5 · EPSS 0.00633
Exploits: 0 · References: 3 · Affected Software: 1

UbuntuCve
added 2022/07/01 4:15 p.m. · 20 views

CVE-2022-2227

Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions...

CVSS 4.3 · AI score 5.9 · EPSS 0.00633
Exploits: 0 · References: 4

Prion
added 2022/07/01 4:15 p.m. · 22 views

Open redirect

An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL...

CVSS 5.8 · AI score 6.2 · EPSS 0.01227
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2022/07/01 4:6 p.m. · 18 views

CVE-2022-1999

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description...

CVSS 3.1 · AI score 5 · EPSS 0.00557
Exploits: 0 · References: 4

OSV
added 2022/07/01 3:55 p.m. · 16 views

CVE-2022-2230

A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf...

CVSS 8.1 · AI score 4.8 · EPSS 0.5624
Exploits: 0 · References: 5

CVE
added 2022/07/01 3:53 p.m. · 2279 views

CVE-2022-2227

GitLab CE/EE vulnerability CVE-2022-2227: Improper access control in the runner jobs API allows a previous maintainer of a project with a specific runner to access job and project metadata. Affected versions: all prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. The provided docum...

CVSS 4.3 · AI score 4.5 · EPSS 0.00633
Exploits: 0 · References: 3 · Affected Software: 1

Debian CVE
added 2022/07/01 3:53 p.m. · 32 views

CVE-2022-2227

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00633
Exploits: 0

OSV
added 2022/07/01 3:53 p.m. · 17 views

CVE-2022-2227

Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions...

CVSS 3.1 · AI score 4.3 · EPSS 0.00633
Exploits: 0 · References: 5

CVE
added 2022/07/01 3:3 p.m. · 102 views

CVE-2022-2250

CVE-2022-2250 affects GitLab EE/CE open redirect in all versions before fixed releases: 14.10.5, 15.0.4, and 15.1.1. The vulnerability allows an attacker to redirect users to an arbitrary location if they trust the URL. The provided documents describe the affected product, versions, and the natur...

CVSS 6.1 · AI score 6 · EPSS 0.01227
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2022/07/01 12:0 a.m. · 5 views

PT-2022-15342 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.4 through 14.10.4; GitLab CE/EE versions 15.0 through 15.0.3; GitLab CE/EE versions 15.1 through 15.1.0. Description: A Stored Cross-Site Scripting issue in the project settings page allows an attacker to execute arbitra...

CVSS 8.1 · AI score 5.7 · EPSS 0.5624
Exploits: 0 · References: 11

NVD
added 2022/06/06 5:15 p.m. · 20 views

CVE-2022-1944

When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs...

CVSS 7.1 · EPSS 0.00523
Exploits: 0 · References: 2

NVD
added 2022/06/06 5:15 p.m. · 16 views

CVE-2022-1821

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group...

CVSS 4.3 · EPSS 0.00816
Exploits: 1 · References: 2