2484 matches found

UbuntuCve
added 2022/04/04 8:15 p.m., 33 views

CVE-2022-0740

Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00969
Exploits: 0, References: 4
Prion
added 2022/04/04 8:15 p.m., 18 views

Design/Logic Flaw

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration...

CVSS: 4, AI score: 6.2, EPSS: 0.00987
Exploits: 0, References: 3, Affected Software: 1
UbuntuCve
added 2022/04/04 8:15 p.m., 36 views

CVE-2022-1174

A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a special crafted input added in Issues, Merge requests,...

CVSS: 7.5, AI score: 7.1, EPSS: 0.01442
Exploits: 0, References: 4
Prion
added 2022/04/04 8:15 p.m., 26 views

Hardcoded credentials

A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts...

CVSS: 7.5, AI score: 9.3, EPSS: 0.76177
Exploits: 3, References: 3, Affected Software: 1
CVE
added 2022/04/04 7:46 p.m., 141 views

CVE-2022-1175

GitLab CE/EE is affected by CVE-2022-1175 due to improper neutralization of user input in notes, enabling Stored XSS. Affected ranges are GitLab CE/EE versions: 14.4 up to before 14.7.7, 14.8 up to before 14.8.5, and 14.9 up to before 14.9.2. Connected documents indicate fixes exist in later rele...

CVSS: 8.7, AI score: 5.8, EPSS: 0.82003
Exploits: 3, References: 4, Affected Software: 1
Debian CVE
added 2022/04/04 7:46 p.m., 36 views

CVE-2022-1175

Removed by vendor...

CVSS: 8.7, AI score: 7.1, EPSS: 0.82003
Exploits: 3
Debian CVE
added 2022/04/04 7:46 p.m., 60 views

CVE-2022-1190

Removed by vendor...

CVSS: 8.7, AI score: 7, EPSS: 0.87369
Exploits: 0
OSV
added 2022/04/04 7:46 p.m., 32 views

CVE-2022-1175

Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes...

CVSS: 8.7, AI score: 5.5, EPSS: 0.82003
Exploits: 3, References: 6
OSV
added 2022/04/04 7:46 p.m., 18 views

CVE-2022-1190

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc...

CVSS: 8.7, AI score: 5.5, EPSS: 0.87369
Exploits: 0, References: 5
Cvelist
added 2022/04/04 7:46 p.m., 35 views

CVE-2022-1190

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc...

CVSS: 8.7, AI score: 6.5, EPSS: 0.87369
Exploits: 0, References: 3
Debian CVE
added 2022/04/04 7:46 p.m., 54 views

CVE-2022-1162

Removed by vendor...

CVSS: 9.8, AI score: 7.5, EPSS: 0.76177
Exploits: 3
CVE
added 2022/04/04 7:46 p.m., 180 views

CVE-2022-1162

GitLab CVE-2022-1162 affects GitLab CE/EE versions 14.7 before 14.7.7, 14.8 before 14.8.5, and 14.9 before 14.9.2. Root cause: a hardcoded password was set for accounts registered via OmniAuth providers (OAuth, LDAP, SAML), enabling potential account takeover. Impact: high-risk credential exposur...

CVSS: 9.8, AI score: 9.2, EPSS: 0.76177
Exploits: 3, References: 3, Affected Software: 1
OSV
added 2022/04/04 7:46 p.m., 28 views

CVE-2022-1162

A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts...

CVSS: 9.1, AI score: 6.6, EPSS: 0.76177
Exploits: 3, References: 5
OSV
added 2022/04/04 7:46 p.m., 19 views

CVE-2022-1121

A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption...

CVSS: 5.3, AI score: 6.3, EPSS: 0.0104
Exploits: 0, References: 4
OSV
added 2022/04/04 7:46 p.m., 19 views

CVE-2022-1185

A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file...

CVSS: 6.5, AI score: 6.3, EPSS: 0.01277
Exploits: 0, References: 5
CVE
added 2022/04/04 7:46 p.m., 91 views

CVE-2022-1185

CVE-2022-1185 describes a denial-of-service in GitLab CE/EE when rendering RDoc files. Affected versions: GitLab Community Edition/Enterprise Edition 10.x; 14.7.7 and earlier in the 14.7 line; 14.8.0 to 14.8.5; and 14.9.0 to 14.9.2. The vulnerability allows an attacker to crash the GitLab web app...

CVSS: 6.5, AI score: 6.1, EPSS: 0.01277
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2022/04/04 7:46 p.m., 84 views

CVE-2022-1120

CVE-2022-1120 affects GitLab CE/EE; missing filtering in an error message allows exposure of sensitive information when an include directive in CI/CD configuration fails. Affected versions: all before 14.7.7, 14.8 before 14.8.5, and 14.9 before 14.9.2. The available connected documents reiterate ...

CVSS: 6.5, AI score: 6.1, EPSS: 0.00987
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2022/04/04 7:46 p.m., 26 views

CVE-2022-1120

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration...

CVSS: 4.8, AI score: 6.5, EPSS: 0.00987
Exploits: 0, References: 3
OSV
added 2022/04/04 7:46 p.m., 21 views

CVE-2022-1120

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration...

CVSS: 4.8, AI score: 6, EPSS: 0.00987
Exploits: 0, References: 5
Debian CVE
added 2022/04/04 7:46 p.m., 46 views

CVE-2022-1174

Removed by vendor...

CVSS: 7.5, AI score: 7.2, EPSS: 0.01442
Exploits: 0