Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:7 p.m.8 views

CVE-2022-3726

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account...

9CVSS6.3AI score0.00774EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/11/11 12:0 a.m.22 views

GitLab 12.6 < 15.3.5, 15.4 < 15.4.4, 15.5 < 15.5.2 Multiple Vulnerabilities

GitLab is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...

9CVSS7.4AI score0.00774EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2022/11/10 12:15 a.m.22 views

CVE-2022-3726

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account...

9CVSS7.2AI score0.00774EPSS
Exploits0References1
CVE
CVE
added 2022/11/09 12:0 a.m.129 views

CVE-2022-3726

GitLab CVE-2022-3726 affects GitLab CE/EE, with no sandboxing of OpenAPI/Swagger viewer. Affected versions are 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. The vulnerability allows an attacker to trick a user into clicking the Swagger OpenAPI viewer, causing HTTP requests...

9CVSS8.6AI score0.00774EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/11/09 12:0 a.m.22 views

CVE-2022-3726

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account...

4.8CVSS8.8AI score0.00774EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/11/09 12:0 a.m.6 views

CVE-2022-3726

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account...

4.8CVSS6.3AI score0.00774EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2022/11/09 12:0 a.m.99 views

CVE-2022-3726

Removed by vendor...

9CVSS7.3AI score0.00774EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/11/05 12:0 a.m.37 views

FreeBSD : Gitlab -- Multiple vulnerabilities (16f7ec68-5cce-11ed-9be7-454b1dd82c64)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 16f7ec68-5cce-11ed-9be7-454b1dd82c64 advisory. - Gitlab reports: DAST analyzer sends custom request headers with every request Stored-XSS wit...

9CVSS6.2AI score0.86326EPSS
Exploits2References15
Rows per page
Query Builder