CVE-2022-2527
An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, and all versions starting from 15.3 before 15.3.2, which allowed an authenticated attacker to inject arbitrary content. A victim...
CVE-2022-3330
It was possible for a guest user to read a todo targeting an inaccessible note in GitLab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1...
CVE-2022-2908
Removed by vendor...
CVE-2022-3279
Removed by vendor...
CVE-2022-3325
Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, and all versions starting from 15.4 before 15.4.1 allowed an unauthorised user to edit approval rules via the API...
CVE-2022-3283
Removed by vendor...
PT-2022-21757 · GitLab · GitLab CE/EE +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.8 before 15.2.5, GitLab CE/EE versions 15.3 before 15.3.4, GitLab CE/EE versions 15.4 before 15.4.1 (the fixed releases are 15.2.5, 15.3.4 and 15.4.1, as in CVE-2022-3325 above). Description: The issue is related to improper access control in the GitLab CE/EE API. This allows an unauthorized us...
PT-2022-4614 · GitLab · GitLab CE/EE +1
Name of the Vulnerable Software and Affected Versions: Gitlab CE/EE versions 10.7 through 15.1.5 Gitlab CE/EE versions 15.2 through 15.2.3 Gitlab CE/EE versions 15.3 through 15.3.1 Description: A potential DoS issue was discovered, allowing an attacker to trigger high CPU usage via a specially...
PT-2022-4617 · GitLab · GitLab CE/EE +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 15.1.6 GitLab CE/EE version 15.2 prior to 15.2.4 GitLab CE/EE version 15.3 prior to 15.3.2 Description: The issue is related to insufficient input validation in GitLab, allowing a remote attacker to cause a deni...
PT-2022-4351
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 11.3.4 through 15.1.5 GitLab CE/EE versions 15.2 through 15.2.3 GitLab CE/EE versions 15.3 through 15.3.1 Description A vulnerability in GitLab CE/EE allows an authenticated user to achieve remote code execution via the...
CVE-2022-2417
Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply...
Code injection
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using other user's email address as an...
Input validation
Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply...
Information disclosure
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration...
CVE-2022-2095
The CVE-2022-2095 issue affects GitLab CE/EE: versions 13.7–15.0.4, 15.1–15.1.3, and 15.2–15.2.0 are affected by an improper access control check that lets an authenticated user view a public Deploy Key’s fingerprint and name when the key has write permission. GitLab notes that the private key is...
CVE-2022-2307
A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted,...
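The "lack of cascading deletes" pattern behind CVE-2022-2307, as an added example that is not part of this listing and is not GitLab's schema or code: two constructed SQLite schemas, one where the token table has no enforced foreign key to its group (so deleting the group orphans the token and it keeps authenticating), and one where the foreign key is enforced with ON DELETE CASCADE. A second lookup that joins on the owning group is shown as the defence-in-depth check that catches orphaned tokens even when the schema is wrong. Table and column names, the sample token and the group are all constructed for the illustration.

```python
import hashlib
import sqlite3

# Constructed schema resembling the flaw: no enforced FK from tokens to groups,
# so "DELETE FROM groups" leaves the group's tokens behind.
SCHEMA_ORPHANING = """
CREATE TABLE groups (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE group_access_tokens (
    id INTEGER PRIMARY KEY,
    group_id INTEGER NOT NULL,
    token_hash TEXT NOT NULL UNIQUE
);
"""

# Constructed corrected schema: the FK is enforced and cascades the delete.
SCHEMA_CASCADING = """
CREATE TABLE groups (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE group_access_tokens (
    id INTEGER PRIMARY KEY,
    group_id INTEGER NOT NULL REFERENCES groups(id) ON DELETE CASCADE,
    token_hash TEXT NOT NULL UNIQUE
);
"""


def token_hash(token: str) -> str:
    """Store only a hash of the secret, never the token itself."""
    return hashlib.sha256(token.encode()).hexdigest()


def open_db(schema: str) -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    # SQLite ignores foreign keys unless this pragma is on for the connection;
    # forgetting it silently reproduces the orphaning behaviour.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(schema)
    return conn


def naive_lookup(conn: sqlite3.Connection, token: str):
    """Authenticate by token row alone: trusts that the row's group exists."""
    row = conn.execute(
        "SELECT group_id FROM group_access_tokens WHERE token_hash = ?",
        (token_hash(token),),
    ).fetchone()
    return row[0] if row else None


def joined_lookup(conn: sqlite3.Connection, token: str):
    """Defence in depth: a token only authenticates if its group still exists."""
    row = conn.execute(
        "SELECT t.group_id FROM group_access_tokens t "
        "JOIN groups g ON g.id = t.group_id WHERE t.token_hash = ?",
        (token_hash(token),),
    ).fetchone()
    return row[0] if row else None


def token_survives_group_deletion(schema: str, lookup=naive_lookup) -> bool:
    """Create a group and a token, delete the group, report whether the token
    still authenticates. True reproduces the advisory's behaviour."""
    conn = open_db(schema)
    conn.execute("INSERT INTO groups (id, name) VALUES (1, 'victim-group')")
    token = "glgat-constructed-sample-token"  # constructed sample secret
    conn.execute(
        "INSERT INTO group_access_tokens (group_id, token_hash) VALUES (1, ?)",
        (token_hash(token),),
    )
    assert lookup(conn, token) == 1  # valid while the group exists
    conn.execute("DELETE FROM groups WHERE id = 1")
    return lookup(conn, token) is not None


if __name__ == "__main__":
    print("orphaning schema, naive lookup :", token_survives_group_deletion(SCHEMA_ORPHANING))
    print("orphaning schema, joined lookup:", token_survives_group_deletion(SCHEMA_ORPHANING, joined_lookup))
    print("cascading schema, naive lookup :", token_survives_group_deletion(SCHEMA_CASCADING))
```

The cascade fixes the data model; the joined lookup is worth keeping regardless, because it also covers rows that predate the constraint or were inserted while foreign-key enforcement was off.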
CVE-2022-2417
GitLab CVE-2022-2417 affects GitLab CE/EE; root cause is insufficient validation during project import, enabling an authenticated user to import a project with branch names that are 40 hexadecimal characters, which could enable supply-chain attacks by pinning to a specific commit. Affected versio...
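The pinning problem described for CVE-2022-2417 (here and in the earlier entries for the same CVE), as an added example that is not part of this listing and is not GitLab's code: a toy Python resolver over a constructed repository showing how a branch whose name is a full commit ID can shadow that commit when ref names are consulted before object IDs (the two lookup orders are hypothetical illustrations, not GitLab's implementation), plus the import-time check that refuses such branch names. The 64-hex case is an addition for SHA-256 repositories beyond the advisory's 40-hex text; the object IDs and file contents are constructed.

```python
import re

# A bare hex string of full object-ID length is what "pin to commit X" means;
# a branch carrying that same name competes with it. 40 hex covers SHA-1
# repositories (the advisory's case); 64 hex is added for SHA-256 repositories.
FULL_OID_RE = re.compile(r"^(?:[0-9a-f]{40}|[0-9a-f]{64})$")


def short_name(ref: str) -> str:
    """Strip refs/heads/ or refs/tags/ so the check sees the bare name."""
    for prefix in ("refs/heads/", "refs/tags/"):
        if ref.startswith(prefix):
            return ref[len(prefix):]
    return ref


def looks_like_object_id(ref: str) -> bool:
    return FULL_OID_RE.match(short_name(ref)) is not None


def reject_oid_like_branches(branch_names):
    """Import-time check: the branch names that must be refused."""
    return [name for name in branch_names if looks_like_object_id(name)]


# Constructed toy repository: commits keyed by object ID, branches by name.
TRUSTED_OID = "3f786850e387550fdab836ed7e6dc881de23001b"
MALICIOUS_OID = "deadbeefdeadbeefdeadbeefdeadbeefdeadbeef"


def build_sample_repo():
    commits = {
        TRUSTED_OID: "trusted build script",
        MALICIOUS_OID: "malicious build script",
    }
    # Attacker-controlled import: a branch named exactly like the trusted commit.
    branches = {"main": TRUSTED_OID, TRUSTED_OID: MALICIOUS_OID}
    return commits, branches


def resolve_refs_first(commits, branches, ref):
    """Hypothetical unsafe order: a branch name wins over an object ID, so a
    consumer that pinned TRUSTED_OID silently gets the attacker's branch tip."""
    if ref in branches:
        return commits[branches[ref]]
    if ref in commits:
        return commits[ref]
    raise KeyError(ref)


def resolve_oid_first(commits, branches, ref):
    """Hypothetical safe order: a full object ID is never shadowed by a ref."""
    if FULL_OID_RE.match(ref) and ref in commits:
        return commits[ref]
    if ref in branches:
        return commits[branches[ref]]
    raise KeyError(ref)


if __name__ == "__main__":
    commits, branches = build_sample_repo()
    print(resolve_refs_first(commits, branches, TRUSTED_OID))  # attacker's content
    print(resolve_oid_first(commits, branches, TRUSTED_OID))   # pinned content
    print(reject_oid_like_branches(branches))                  # branch to refuse
```

Refusing the branch name at import (and at push) removes the ambiguity entirely; resolving full object IDs before ref names is the belt-and-braces change for consumers that cannot control what a remote repository contains.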