CVE-2022-3288
A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected...
GitLab 10.8 < 14.9.5 / 14.10.0 < 14.10.4 / 15.0.0 < 15.0.1 (CVE-2022-1821)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It...
GitLab 0.8.0 < 14.2.6 / 14.3 < 14.3.4 / 14.4 < 14.4.1 (CVE-2021-39908)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be...
GitLab 12.0 < 14.4.5 / 14.5.0 < 14.5.3 / 14.6.0 < 14.6.2 (CVE-2022-0125)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab...
GitLab 8.4 < 14.4.5 / 14.5 < 14.5.3 / 14.6 < 14.6.2 (CVE-2021-39927)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests...
GitLab 13.10 < 14.4.5 / 14.5 < 14.5.3 / 14.6 < 14.6.2 (CVE-2022-0152)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLa...
GitLab 12.2 < 14.7.7 / 14.8 < 14.8.5 / 14.9 < 14.9.2 (CVE-2022-1189)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that...
PT-2022-12979 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.0 through 14.4.5 GitLab versions 14.5.0 through 14.5.3 GitLab versions 14.6.0 through 14.6.2 Description: An issue has been discovered in GitLab where it was not verifying that a maintainer of a project had the right access...
UBUNTU-CVE-2021-39919
In all versions of GitLab CE/EE starting from version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged, which may lead to information disclosure...
UBUNTU-CVE-2021-39890
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...
UBUNTU-CVE-2021-22170
Assuming a database breach, nonce reuse issues in GitLab 11.6+ allow an attacker to decrypt some of the database's encrypted content...
GitLab 10.5 < 13.10.5 / 13.11 < 13.11.5 / 13.12 < 13.12.2 (CVE-2021-22214)
PT-2021-6534 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.11 and up Description: The issue is related to insufficient input sanitization in markdown, allowing an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown. This can be exploited...
CVE-2021-22175
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled...
PT-2020-13487 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.2.10 GitLab versions prior to 13.3.7 GitLab versions prior to 13.4.2 Description: Membership changes are not reflected in ToDo subscriptions, allowing guest users to access confidential issues through the API...
PT-2020-13476 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 7.12 and later Description: The issue arises from improper group membership validation when a user account is deleted in GitLab. This allows a user to delete their own account without deleting or transferring their group...
PT-2020-13479 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 12.10.13 GitLab versions prior to 13.0.8 GitLab versions prior to 13.1.2 Description: A stored cross-site scripting issue was discovered in GitLab when editing references. Recommendations: For versions prior to...
CVE-2020-10085
GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing private merge request titles...
PT-2020-11906 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 12.8.2 Description: The issue is related to incorrect access control in the LFS import process, potentially allowing access to LFS objects not owned by the user. This was internally discovered. Recommendations: For...
GitLab EE Insecure Privilege Vulnerability (CNVD-2020-14342)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is GitLab Enterprise Edition. GitLab EE 12.2 suffers from an insecure privilege...