PT-2022-11502 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.0 through 14.6.5 GitLab CE/EE versions 14.7 through 14.7.4 GitLab CE/EE versions 14.8 through 14.8.2 Description: An issue has been discovered in GitLab CE/EE that may allow a remote, unauthenticated attacker to acces...

CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)

On February 25, 2022, GitLab published a fix for CVE-2021-4191, which is an instance of CWE-359, "Exposure of Private Personal Information to an Unauthorized Actor." The now-patched vulnerability affected GitLab versions since 13.0. The vulnerability is the result of a missing authentication chec...

GitLab Enterprise Edition和GitLab Community Edition 授权问题漏洞

GitLab Enterprise Edition is a content management system, and GitLab Community Edition is a community edition of GitLab from GitLab, Inc. GitLab Enterprise Edition and GitLab Community Edition have an authorization issue vulnerability that arises from an application exporting too much data in the...

Gitlab -- multiple vulnerabilities

Gitlab reports: Runner registration token disclosure through Quick Actions Unprivileged users can add other users to groups through an API endpoint Inaccurate display of Snippet contents can be potentially misleading to users Environment variables can be leaked via the sendmail delivery method...

CVE-2022-0152

An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API...

CVE-2022-0152

An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API...

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API...

CVE-2022-0152

An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API...

CVE-2022-0152

The CVE-2022-0152 issue affects GitLab and is described as an unauthorized access vulnerability in the GraphQL API. Affected versions include all from 13.10 up to 14.4.5 (i.e., 13.10–14.4.4), all from 14.5.0 up to 14.5.3 (i.e., 14.5.0–14.5.2), and all from 14.6.0 up to 14.6.2 (i.e., 14.6.0–14.6.1...

CVE-2022-0152

An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API...

CVE-2022-0152

Removed by vendor...

FreeBSD : Gitlab -- Multiple Vulnerabilities (43f84437-73ab-11ec-a587-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 43f84437-73ab-11ec-a587-001b217b3468 advisory. - Gitlab reports: Arbitrary file read via group import feature Stored XSS in notes Lack of sta...

CVE-2021-39915

Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects...

CVE-2021-39915

Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects...

UBUNTU-CVE-2021-39915

Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects...

Improper access control

Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects...

CVE-2021-39915

CVE-2021-39915: GitLab CE/EE GraphQL API has improper access control that lets an attacker view the names of project access tokens on arbitrary projects. Affected: GitLab versions starting from 13.0 up to before 14.3.6, 14.4 before 14.4.4, and 14.5 before 14.5.2. Remediation per sources is to upg...

FreeBSD : Gitlab -- Multiple Vulnerabilities (b299417a-5725-11ec-a587-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b299417a-5725-11ec-a587-001b217b3468 advisory. - Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4...

PT-2021-22761 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.0 through 14.3.6 GitLab CE/EE versions 14.4 through 14.4.4 GitLab CE/EE versions 14.5 through 14.5.2 Description: The issue is related to improper access control in the GraphQL API, allowing an attacker to see the nam...

CVE-2021-39904

An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestion...