957 matches found
CVE-2022-0740
Removed by vendor...
CVE-2022-0740
GitLab CE/EE versions are affected by an incorrect authorization in the Asana integration's branch restriction feature, allowing closure of Asana tasks from unrestricted branches. Affected ranges: 7.8.0–14.7.6; 14.8.0–14.8.4; 14.9.0–14.9.1. Root cause: enforcement gap in the branch restriction lo...
CVE-2022-0425
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery SSRF attacks...
CVE-2022-0741
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses...
CVE-2021-39908
In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code...
CVE-2022-0373
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address...
CVE-2022-0425
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery SSRF attacks...
CVE-2022-0741
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses...
CVE-2022-0741
Removed by vendor...
CVE-2022-0741
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses...
CVE-2022-0425
Summary (CVE-2022-0425) A DNS rebinding vulnerability in the Irker IRC Gateway integration affects all GitLab CE/EE versions since 7.9, enabling Server Side Request Forgery (SSRF). The issue is tied to the GitLab Irker gateway component, with root cause described as DNS rebinding that can trigger...
CVE-2022-0425
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery SSRF attacks...
PT-2022-13211 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.15 and later Description: An issue has been discovered in GitLab CE/EE that allows a Denial of Service DOS to be triggered by using the math feature with a specific formula in issue comments. Recommendations: For GitLa...
CVE-2022-0427
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...
CVE-2022-0427
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...
Authentication flaw
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...
CVE-2022-0427
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...
CVE-2022-0751
Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands...
CVE-2021-39946
Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis...
CVE-2021-39942
A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to...