629 matches found

Positive Technologies
added 2023/05/06 12:0 a.m. · 7 views

PT-2023-2917 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.4 through 15.9.6; GitLab CE/EE versions 15.10 through 15.10.5; GitLab CE/EE versions 15.11 through 15.11.1. Description: An issue has been discovered in GitLab CE/EE, where under certain conditions, a malicious...

9.6 CVSS · 7.7 AI score · 0.05042 EPSS
Exploits 0 · References 15
Vulnrichment
added 2023/05/03 12:0 a.m. · 9 views

CVE-2023-0155

An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects were possible due to framing arbitrary content on any page allowing user-controlled markdown...

5.4 CVSS · 5.2 AI score · 0.00773 EPSS
Exploits 1 · References 3
Cvelist
added 2023/04/05 12:0 a.m. · 28 views

CVE-2023-1708

An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters get copied from clipboard, allowing unexpected commands to be executed on victim machine...

5.7 CVSS · 9.5 AI score · 0.01109 EPSS
Exploits 0 · References 3
Debian CVE
added 2023/04/05 12:0 a.m. · 29 views

CVE-2023-1708

Removed by vendor...

9.8 CVSS · 7.3 AI score · 0.01109 EPSS
Exploits 0
NVD
added 2023/02/13 11:15 p.m. · 18 views

CVE-2022-3411

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage...

6.5 CVSS · 6 AI score · 0.01247 EPSS
Exploits 0 · References 3
UbuntuCve
added 2023/02/13 11:15 p.m. · 25 views

CVE-2022-3411

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage...

6.5 CVSS · 6.6 AI score · 0.01247 EPSS
Exploits 0 · References 4
Prion
added 2023/02/13 11:15 p.m. · 20 views

Cross-site request forgery (CSRF)

A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a...

5.8 CVSS · 7.7 AI score · 0.00445 EPSS
Exploits 0 · References 3 · Affected Software 1
Debian CVE
added 2023/02/13 12:0 a.m. · 12 views

CVE-2023-0518

Removed by vendor...

7.5 CVSS · 7.1 AI score · 0.01216 EPSS
Exploits 0
Debian CVE
added 2023/02/13 12:0 a.m. · 24 views

CVE-2022-3759

Removed by vendor...

7.5 CVSS · 7.1 AI score · 0.01216 EPSS
Exploits 0
Debian CVE
added 2023/02/13 12:0 a.m. · 23 views

CVE-2022-3411

Removed by vendor...

6.5 CVSS · 6.6 AI score · 0.01247 EPSS
Exploits 0
OSV
added 2023/02/13 12:0 a.m. · 25 views

CVE-2022-3411

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage...

6.5 CVSS · 6.3 AI score · 0.01247 EPSS
Exploits 0 · References 5
OSV
added 2023/02/13 12:0 a.m. · 12 views

CVE-2023-0518

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart...

4.3 CVSS · 7.3 AI score · 0.01216 EPSS
Exploits 0 · References 5
NVD
added 2023/01/27 10:15 p.m. · 25 views

CVE-2022-4201

A blind SSRF in GitLab CE/EE affecting all versions from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...

5.3 CVSS · 4.5 AI score · 0.00546 EPSS
Exploits 1 · References 2
Prion
added 2023/01/26 9:15 p.m. · 20 views

Improper access control

An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases were set to be restricted to project members only...

5 CVSS · 5.1 AI score · 0.01034 EPSS
Exploits 1 · References 3 · Affected Software 1
Prion
added 2023/01/26 9:15 p.m. · 23 views

Cross-site scripting

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed...

5.8 CVSS · 5.8 AI score · 0.01074 EPSS
Exploits 1 · References 3 · Affected Software 1
UbuntuCve
added 2023/01/26 9:15 p.m. · 30 views

CVE-2022-3482

An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases were set to be restricted to project members only...

5.3 CVSS · 6.1 AI score · 0.01034 EPSS
Exploits 1 · References 1
Debian CVE
added 2023/01/24 12:0 a.m. · 21 views

CVE-2022-3740

Removed by vendor...

6.5 CVSS · 6.2 AI score · 0.0089 EPSS
Exploits 0
Debian CVE
added 2023/01/24 12:0 a.m. · 28 views

CVE-2022-3572

Removed by vendor...

9.3 CVSS · 6.9 AI score · 0.01074 EPSS
Exploits 1
Debian CVE
added 2023/01/17 12:0 a.m. · 41 views

CVE-2022-2907

Removed by vendor...

6.5 CVSS · 6.6 AI score · 0.00941 EPSS
Exploits 0
NVD
added 2023/01/12 4:15 a.m. · 17 views

CVE-2022-3514

An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the...

5.3 CVSS · 4.5 AI score · 0.00842 EPSS
Exploits 0 · References 3