Total
988 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0523 | 1 Gitlab | 1 Gitlab | 2023-04-12 | N/A | 6.1 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances. | |||||
| CVE-2023-0319 | 1 Gitlab | 1 Gitlab | 2023-04-12 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project memebers only. | |||||
| CVE-2022-3513 | 1 Gitlab | 1 Gitlab | 2023-04-12 | N/A | 6.1 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP. | |||||
| CVE-2022-3375 | 1 Gitlab | 1 Gitlab | 2023-04-12 | N/A | 3.7 LOW |
| An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private. | |||||
| CVE-2023-1071 | 1 Gitlab | 1 Gitlab | 2023-04-12 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue from an epic. | |||||
| CVE-2023-1417 | 1 Gitlab | 1 Gitlab | 2023-04-12 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group. | |||||
| CVE-2023-1708 | 1 Gitlab | 1 Gitlab | 2023-04-12 | N/A | 9.8 CRITICAL |
| An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine. | |||||
| CVE-2023-1787 | 1 Gitlab | 1 Gitlab | 2023-04-12 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description. | |||||
| CVE-2023-1710 | 1 Gitlab | 1 Gitlab | 2023-04-12 | N/A | 5.3 MEDIUM |
| A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue. | |||||
| CVE-2023-1167 | 1 Gitlab | 1 Gitlab | 2023-04-12 | N/A | 5.3 MEDIUM |
| Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR. | |||||
| CVE-2023-0838 | 1 Gitlab | 1 Gitlab | 2023-04-12 | N/A | 3.8 LOW |
| An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342. | |||||
| CVE-2023-0450 | 1 Gitlab | 1 Gitlab | 2023-04-12 | N/A | 4.6 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users. | |||||
| CVE-2022-2884 | 1 Gitlab | 1 Gitlab | 2023-04-03 | N/A | 9.9 CRITICAL |
| A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint | |||||
| CVE-2022-3573 | 2 Abb, Gitlab | 2 Drive Composer, Gitlab | 2023-03-22 | N/A | 5.4 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP. | |||||
| CVE-2022-3381 | 1 Gitlab | 1 Gitlab | 2023-03-15 | N/A | 6.1 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites | |||||
| CVE-2022-3758 | 1 Gitlab | 1 Gitlab | 2023-03-15 | N/A | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper permissions checks an unauthorised user was able to read, add or edit a users private snippet. | |||||
| CVE-2023-0483 | 1 Gitlab | 1 Gitlab | 2023-03-15 | N/A | 3.8 LOW |
| An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site. | |||||
| CVE-2022-4462 | 1 Gitlab | 1 Gitlab | 2023-03-15 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response. | |||||
| CVE-2023-1072 | 1 Gitlab | 1 Gitlab | 2023-03-15 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details. | |||||
| CVE-2023-0050 | 1 Gitlab | 1 Gitlab | 2023-03-15 | N/A | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims. | |||||