CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3509 matches found

RedHat Linux•added 2023/02/08 6:41 p.m.•5 views

plugin: Non-constant time webhook signature comparison in GitHub Plugin

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature...

5.3CVSS5.8AI score0.00707EPSS

Exploits0References5

Tenable Nessus•added 2023/02/08 12:0 a.m.•22 views

GitLab < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-4342)

The version of GitLab installed on the remote host is prior to 15.5.7, 15.6.4, 15.7.2. It is, therefore, affected by an information disclosure vulnerability as referenced in the SECURITY-RELEASE-GITLAB-15-7-2-RELEASED advisory. - An issue has been discovered in GitLab CE/EE affecting all versions...

5.5CVSS5.1AI score0.00731EPSS

Exploits0References2

NVD•added 2023/01/27 10:15 p.m.•27 views

CVE-2022-4255

An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload...

5.3CVSS4.5AI score0.00491EPSS

Exploits0References2

UbuntuCve•added 2023/01/27 10:15 p.m.•36 views

CVE-2022-4255

An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload...

5.3CVSS6.1AI score0.00491EPSS

Exploits0References3

Cvelist•added 2023/01/27 12:0 a.m.•23 views

CVE-2022-4255

An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload...

4.3CVSS5.3AI score0.00491EPSS

Exploits0References2

Positive Technologies•added 2023/01/27 12:0 a.m.•6 views

PT-2023-14138 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.7 through 15.4.5 GitLab EE versions 15.5 through 15.5.4 GitLab EE versions 15.6 through 15.6.0 Description: An information leak issue was identified that exposes user email IDs through the webhook payload. Recommendation...

5.3CVSS4.9AI score0.00491EPSS

Exploits0References6

Vulnrichment•added 2023/01/27 12:0 a.m.•6 views

CVE-2022-4255

An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload...

4.3CVSS5AI score0.00491EPSS

Exploits0References2

Debian CVE•added 2023/01/27 12:0 a.m.•33 views

CVE-2022-4255

Removed by vendor...

5.3CVSS6AI score0.00491EPSS

Exploits0

OSV•added 2023/01/27 12:0 a.m.•25 views

CVE-2022-4255

An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload...

4.3CVSS5AI score0.00491EPSS

Exploits0References4

NVD•added 2023/01/26 9:18 p.m.•21 views

CVE-2022-4054

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an...

5.5CVSS5.5AI score0.00707EPSS

Exploits1References3

Prion•added 2023/01/26 9:18 p.m.•17 views

Design/Logic Flaw

4.7CVSS5.3AI score0.00707EPSS

Exploits1References3Affected Software1

UbuntuCve•added 2023/01/26 9:18 p.m.•23 views

CVE-2022-4054

5.5CVSS6AI score0.00707EPSS

Exploits1References1

OSV•added 2023/01/26 9:18 p.m.•0 views

UBUNTU-CVE-2022-4054

5.5CVSS5.7AI score0.00707EPSS

Exploits1References2

Prion•added 2023/01/26 9:16 p.m.•17 views

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing...

5.5CVSS6.2AI score0.00719EPSS

Exploits1References3Affected Software1

UbuntuCve•added 2023/01/26 9:16 p.m.•26 views

CVE-2022-3902

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing...

6.4CVSS6.5AI score0.00719EPSS

Exploits1References1

OSV•added 2023/01/26 9:16 p.m.•2 views

UBUNTU-CVE-2022-3902

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing...

6.4CVSS6.5AI score0.00719EPSS

Exploits1References2

Vulnrichment•added 2023/01/24 12:0 a.m.•3 views

CVE-2022-3902

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing...

5.5CVSS6.8AI score0.00719EPSS

Exploits1References3

Vulnrichment•added 2023/01/24 12:0 a.m.•7 views

CVE-2022-4054

5.5CVSS6.7AI score0.00707EPSS

Exploits1References3

Cvelist•added 2023/01/24 12:0 a.m.•22 views

CVE-2022-4054

5.5CVSS5.7AI score0.00707EPSS

Exploits1References3

Debian CVE•added 2023/01/24 12:0 a.m.•29 views

CVE-2022-4054