BIT-GITLAB-2022-1433

An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS...

GitLab 13.2 < 14.8.6, 14.9.0 < 14.9.4, 14.10 < 14.10.1 Information Disclosure Vulnerability

GitLab is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

GitLab 12.6.0 < 14.8.6, 14.9.x < 14.9.4, 14.10.x < 14.10.1 Authentication Vulnerability

GitLab is prone to an authentication vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if descriptio...

GitLab 11.0.0 < 14.8.6, 14.9.x < 14.9.4, 14.10.x < 14.10.1 Information Disclosure Vulnerability

GitLab is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

GitLab 8.12.0 < 14.8.6, 14.9.x < 14.9.4, 14.10.x < 14.10.1 Input Validation Vulnerability

GitLab is prone to an input validation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

GitLab < 14.8.6, 14.9.x < 14.9.4, 14.10.x < 14.10.1 Information Disclosure Vulnerability

GitLab is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

GitLab 1.0.2 < 14.8.6, 14.9.0 < 14.9.4, 14.10.0 < 14.10.1 Multiple Vulnerabilities

GitLab is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...

GitLab 13.2 < 14.8.6 / 14.9.x < 14.9.4 / 14.10.x < 14.10.1 Information Disclosure

According to its self-reported version, the instance of GitLab running on the remote web server is 13.2 prior to 14.8.6, 14.9.x prior to 14.9.4, or 14.10.x prior to 14.10.1. It is, therefore, affected by the following vulnerability: - An information disclosure vulnerability exists in confidential...

CVE-2022-1428

An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package requests which resulted in limits not being...

Cross site scripting

An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS...

CVE-2022-1426

An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had some certain amount of information which allowed ...

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package requests which resulted in limits not being...

CVE-2022-1428

CVE-2022-1428 affects GitLab versions prior to 14.8.6, and 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1. The issue is that GitLab was incorrectly verifying throttling limits for authenticated package requests, causing limits to be unenforced. The vulnerability is documented across multiple so...

CVE-2022-1545

Removed by vendor...

PT-2022-13881 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 14.8.6 GitLab versions 14.9 through 14.9.4 GitLab versions 14.10 through 14.10.1 Description: The issue in GitLab arises from incorrect verification of throttling limits for authenticated package requests, resulting i...

GitLab 8.12.x < 14.8.6, 14.9.x < 14.9.4, 14.10.x < 14.10.1 Access Control Vulnerability

GitLab is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

GitLab < 14.8.6 / 14.9.x < 14.9.4 / 14.10.x < 14.10.1 Multiple Vulnerabilities

According to its self-reported version, the instance of GitLab running on the remote web server is prior to 14.8.6, 14.9.x prior to 14.9.4, or 14.10.x prior to 14.10.1. It is, therefore, affected by the following vulnerabilities: - An improper authorization issue exists in GitLab CE/EE that allow...