joaxcar

8 exploits Active since Jan 2022
CVE-2022-0093 WRITEUP LOW WRITEUP
GitLab <14.4.5, 14.5.0-14.5.3, 14.6.0-14.6.1 - Info Disclosure
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive information through RSS feeds.
CVSS 3.5
CVE-2022-0125 WRITEUP MEDIUM WRITEUP
GitLab <14.4.5-14.6.2 - Privilege Escalation
An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to import members from a target project.
CVSS 4.3
CVE-2022-1416 WRITEUP MEDIUM WRITEUP
GitLab 1.0.2-14.8.5, 14.9.0-14.9.3, 14.10.0 - Stored Cross-Site Scripting in Pipeline Error Messages
Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling
CVSS 4.3
CVE-2022-1940 WRITEUP HIGH WRITEUP
GitLab 13.11-14.9.5, 14.10-14.10.4, 15.0-15.0.1 - Stored Cross-Site Scripting via Jira Integration
A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues
CVSS 7.7
CVE-2022-3060 WRITEUP HIGH WRITEUP
GitLab CE/EE <12.7 - Info Disclosure
Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests
CVSS 7.3
CVE-2023-0155 WRITEUP MEDIUM WRITEUP
GitLab CE/EE <15.8.5-15.10.1 - Open Redirect
An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown
CVSS 5.4
CVE-2023-1265 WRITEUP MEDIUM WRITEUP
GitLab <15.9.6-15.11.1 - Info Disclosure
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.
CVSS 5.4
CVE-2023-1836 WRITEUP MEDIUM WRITEUP
GitLab <15.9.6-15.10.5-15.11.1 - XSS
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances
CVSS 4.4