Vulnerabilities (CVE)

Filtered by vendor Gitlab Subscribe
Filtered by product Gitlab
Total 790 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13300 1 Gitlab 1 Gitlab 2023-02-03 6.4 MEDIUM 10.0 CRITICAL
GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.
CVE-2022-3820 1 Gitlab 1 Gitlab 2023-02-01 N/A 6.5 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.
CVE-2022-4092 1 Gitlab 1 Gitlab 2023-02-01 N/A 8.0 HIGH
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.
CVE-2022-4054 1 Gitlab 1 Gitlab 2023-02-01 N/A 5.5 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers.
CVE-2022-3902 1 Gitlab 1 Gitlab 2023-02-01 N/A 6.4 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks.
CVE-2022-3740 1 Gitlab 1 Gitlab 2023-02-01 N/A 4.9 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys .
CVE-2022-3482 1 Gitlab 1 Gitlab 2023-02-01 N/A 5.3 MEDIUM
An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only
CVE-2022-3572 1 Gitlab 1 Gitlab 2023-02-01 N/A 6.1 MEDIUM
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims.
CVE-2022-3478 1 Gitlab 1 Gitlab 2023-02-01 N/A 4.3 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.
CVE-2022-2907 1 Gitlab 1 Gitlab 2023-01-25 N/A 6.5 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read repository content by an unauthorised user if a project member used a crafted link.
CVE-2023-0042 1 Gitlab 1 Gitlab 2023-01-20 N/A 6.1 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.
CVE-2022-4365 1 Gitlab 1 Gitlab 2023-01-20 N/A 4.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error tracking settings page.
CVE-2022-3573 1 Gitlab 1 Gitlab 2023-01-20 N/A 5.4 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP.
CVE-2022-4037 1 Gitlab 1 Gitlab 2023-01-20 N/A 8.5 HIGH
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider.
CVE-2022-3613 1 Gitlab 1 Gitlab 2023-01-19 N/A 7.5 HIGH
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service.
CVE-2022-3870 1 Gitlab 1 Gitlab 2023-01-19 N/A 5.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user avatars using the victim's user ID, on private instances that restrict public level visibility.
CVE-2022-3514 1 Gitlab 1 Gitlab 2023-01-18 N/A 5.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser.
CVE-2022-4131 1 Gitlab 1 Gitlab 2023-01-18 N/A 5.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents.
CVE-2022-4342 1 Gitlab 1 Gitlab 2023-01-18 N/A 3.8 LOW
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook.
CVE-2022-4167 1 Gitlab 1 Gitlab 2023-01-18 N/A 7.5 HIGH
Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them.