CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2022/10/17 12:0 a.m.•94 views

CVE-2022-2533

GitLab CVE-2022-2533 affects GitLab versions 12.10–15.1.5, 15.2.0–15.2.3, and 15.3.0–15.3.1. The flaw is an authentication issue in certain Package Registries where IP-restriction checks were bypassed, enabling an attacker with a valid Deploy Token to misuse it from any location. Impact is elevat...

7.4CVSS7.2AI score0.00652EPSS

Exploits0References2Affected Software1

Debian CVE•added 2022/10/17 12:0 a.m.•35 views

CVE-2022-2533

Removed by vendor...

7.4CVSS7.1AI score0.00652EPSS

Exploits0

Positive Technologies•added 2022/10/17 12:0 a.m.•3 views

PT-2022-21530 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.2 through 15.2.4 GitLab EE versions 15.3 through 15.3.3 GitLab EE versions 15.4 through 15.4.0 Description: The issue is related to a lack of IP address checking in GitLab EE, which allows a group member to bypass IP...

5.3CVSS4.8AI score0.00439EPSS

Exploits0References11

Vulnrichment•added 2022/10/17 12:0 a.m.•9 views

CVE-2022-3286

Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token...

5.3CVSS6.8AI score0.00439EPSS

OSV•added 2022/10/17 12:0 a.m.•22 views

CVE-2022-2533

6.5CVSS7.2AI score0.00652EPSS

Exploits0References4

Vulnrichment•added 2022/10/17 12:0 a.m.•7 views

CVE-2022-2533

6.5CVSS7.2AI score0.00652EPSS

RedHat Linux•added 2022/10/13 7:14 p.m.•48 views

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.3 security fixes and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.3 General Availability release images, which fix security issues and bugs, as well as update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS...

6.5CVSS6.6AI score0.00792EPSS

Exploits0References7

OSV•added 2022/09/30 4:15 a.m.•4 views

CVE-2022-2778

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes...

9.8CVSS5.8AI score0.0069EPSS

NVD•added 2022/09/30 4:15 a.m.•21 views

CVE-2022-2778

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes...

9.8CVSS0.0069EPSS

Prion•added 2022/09/30 4:15 a.m.•23 views

Design/Logic Flaw

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes...

7.5CVSS9.4AI score0.0069EPSS

Cvelist•added 2022/09/30 12:0 a.m.•29 views

CVE-2022-2778

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes...

9.7AI score0.0069EPSS

CVE•added 2022/09/30 12:0 a.m.•63 views

CVE-2022-2778

CVE-2022-2778 affects Octopus Deploy. The connected documents describe a vulnerability that allows bypassing login rate limiting by using null bytes, enabling potential repeated login attempts without proper throttling. The description consistently ties this to Octopus Deploy implementations and ...

9.8CVSS9.3AI score0.0069EPSS

Positive Technologies•added 2022/09/30 12:0 a.m.•5 views

PT-2022-18578 · Unknown · Octopus Deploy

Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows bypassing rate limiting on login using null bytes. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

9.8CVSS9.3AI score0.0069EPSS

Vulnrichment•added 2022/09/30 12:0 a.m.•6 views

CVE-2022-2778

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes...

9.5AI score0.0069EPSS

OSV•added 2022/09/28 12:15 p.m.•1 views

CVE-2022-2760

In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space...

4.3CVSS5.8AI score

NVD•added 2022/09/28 12:15 p.m.•17 views

CVE-2022-2760

In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space...

4.3CVSS0.00435EPSS

Prion•added 2022/09/28 12:15 p.m.•15 views

Design/Logic Flaw

In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space...

4CVSS4.6AI score0.00435EPSS

CVE•added 2022/09/28 12:0 a.m.•48 views

CVE-2022-2760

CVE-2022-2760 describes an information-disclosure issue in Octopus Deploy: when a resource is part of another Space, an error message can reveal the Space ID of spaces the user is not authorized to view. The available connected documents do not specify affected versions, exact root-cause details ...

4.3CVSS4.5AI score0.00435EPSS

Cvelist•added 2022/09/28 12:0 a.m.•31 views

CVE-2022-2760

In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space...

4.8AI score0.00435EPSS