Greenwolf

4 exploits Active since Apr 2022
CVE-2022-1162 NOMISEC CRITICAL WRITEUP
GitLab 14.7-14.7.6, 14.8-14.8.4, 14.9-14.9.1 - Authentication Bypass via Hardcoded OmniAuth Password
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts
4 stars
CVSS 9.1
CVE-2022-1175 NOMISEC HIGH WORKING POC
GitLab 14.4-14.6.7 14.8-14.8.4 14.9-14.9.1 - Stored Cross-Site Scripting via Notes
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
1 stars
CVSS 8.7
CVE-2022-1162 EXPLOITDB CRITICAL text WORKING POC
GitLab 14.7-14.7.6, 14.8-14.8.4, 14.9-14.9.1 - Authentication Bypass via Hardcoded OmniAuth Password
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts
CVSS 9.1
CVE-2022-1175 EXPLOITDB HIGH text WORKING POC
GitLab 14.4-14.6.7 14.8-14.8.4 14.9-14.9.1 - Stored Cross-Site Scripting via Notes
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
CVSS 8.7