yvvdwf

8 exploits Active since Aug 2020
CVE-2022-2884 CRITICAL WRITEUP
GitLab CE/EE <15.1.5-15.3.1 - Authenticated RCE
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
CVSS 9.9
CVE-2020-13285 HIGH WRITEUP
GitLab 12.9.0-13.0.11 - Cross-Site Scripting in Issue Reference Tooltip
For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip.
CVSS 7.3
CVE-2020-13340 HIGH WRITEUP
GitLab < 13.2.10, 13.3.7, 13.4.2 - Stored Cross-Site Scripting in CI Job Log
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log.
CVSS 8.7
CVE-2021-22220 MEDIUM WRITEUP
GitLab 13.10-13.10.5 - Stored Cross-Site Scripting in Blob Viewer of Notebooks
An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks.
CVSS 6.1
CVE-2022-2428 MEDIUM WRITEUP
GitLab < 15.1.6, 15.2-15.2.4, 15.3-15.3.2 - Server-Side Request Forgery via Jupyter Notebook Viewer
A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests.
CVSS 6.4
CVE-2022-2527 HIGH WRITEUP
GitLab CE/EE <15.1.6-15.3.2 - Authenticated XSS
An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, and all versions starting from 15.3 before 15.3.2, which allowed an authenticated attacker to inject arbitrary content. A victim interacting with this content could lead to arbitrary requests.
CVSS 7.3
CVE-2022-2630 MEDIUM WRITEUP
GitLab CE/EE <15.2.4-15.3.2 - Info Disclosure
An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.
CVSS 4.3
CVE-2022-2865 HIGH WRITEUP
GitLab CE/EE <15.1.6, <15.2.4, <15.3.2 - XSS
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.
CVSS 7.3