gitlab

1,423 tracked vulnerabilities.

CVE-2022-1963 MEDIUM
GitLab CE/EE <14.10.5-15.0.4-15.1.1 - Info Disclosure
Jul 01, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-2281 LOW
GitLab 12.5-14.10.4, 15.0-15.0.3, 15.1 - Information Disclosure via Group Milestone Release Association
Jul 01, 2022
CVSS 2.6
EPSS 0.01
CVE-2022-2250 MEDIUM
GitLab 11.1-14.10.5 15.0-15.0.4 15.1-15.1.1 - Open Redirect
Jul 01, 2022
CVSS 4.7
EPSS 0.02
CVE-2022-2244 MEDIUM
GitLab EE/CE <14.10.5, <15.0.4, <15.1.1 - Privilege Escalation
Jul 01, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-2243 MEDIUM
GitLab 14.8-14.10.4, 15.0-15.0.3, 15.1 - Authenticated Issue Enumeration in Non-Linked Sentry Projects
Jul 01, 2022
CVSS 5.0
EPSS 0.01
CVE-2022-2235 HIGH
GitLab 14.5-14.10.4, 15.0-15.0.3, 15.1 - Stored Cross-Site Scripting via ZenTao External Issue Tracker Link
Jul 01, 2022
CVSS 8.7
EPSS 0.01
CVE-2022-2230 HIGH
GitLab 14.4-14.10.4, 15.0-15.0.3, 15.1 - Stored Cross-Site Scripting in Project Settings Page
Jul 01, 2022
CVSS 8.1
EPSS 0.56
CVE-2022-2227 LOW
GitLab < 14.10.5, 15.0 < 15.0.4, 15.1 < 15.1.1 - Improper Access Control in Runner Jobs API
Jul 01, 2022
CVSS 3.1
EPSS 0.01
CVE-2022-2185 CRITICAL NUCLEI
GitLab <14.10.5-15.1.1 - Authenticated RCE
Jul 01, 2022
CVSS 9.9
EPSS 0.77
CVE-2022-1983 MEDIUM
GitLab EE <14.10.5-15.0.4-15.1.1 - Privilege Escalation
Jul 01, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-1680 CRITICAL
GitLab EE <14.9.5-15.0.1 - Privilege Escalation
Jun 06, 2022
CVSS 9.9
EPSS 0.15
CVE-2022-1944 MEDIUM
GitLab CE/EE <14.9.5-15.0.1 - Privilege Escalation
Jun 06, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-1940 HIGH
GitLab 13.11-14.9.5, 14.10-14.10.4, 15.0-15.0.1 - Stored Cross-Site Scripting via Jira Integration
Jun 06, 2022
CVSS 7.7
EPSS 0.06
CVE-2022-1936 MEDIUM
GitLab 12.0.0-14.9.4, 14.10.0-14.10.3, 15.0.0 - Incorrect Authorization via Project Deploy Token
Jun 06, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-1935 MEDIUM
GitLab EE 12.0-14.9.4, 14.10-14.10.3, 15.0 - Incorrect Authorization via Project Trigger Token Bypass
Jun 06, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-1821 MEDIUM
GitLab CE/EE <14.9.5-15.0.1 - Info Disclosure
Jun 06, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1783 LOW
GitLab CE/EE <14.9.5-15.0.1 - Privilege Escalation
Jun 06, 2022
CVSS 2.7
EPSS 0.01
CVE-2022-1423 HIGH
GitLab 1.0.2-14.8.5, 14.9.0-14.9.3, 14.10.0 - RCE via CI/CD Cache Poisoning
May 19, 2022
CVSS 7.1
EPSS 0.01
CVE-2022-1416 MEDIUM
GitLab 1.0.2-14.8.5, 14.9.0-14.9.3, 14.10.0 - Stored Cross-Site Scripting in Pipeline Error Messages
May 19, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1413 MEDIUM
GitLab 1.0.2-14.8.5, 14.9.0-14.9.3, 14.10.0 - Insufficiently Protected Credentials via Integration Properties
May 19, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-1545 MEDIUM
Gitlab CE/EE <14.8.6-14.10.1 - Info Disclosure
May 11, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1510 MEDIUM
GitLab <14.8.6-14.9.4-14.10.1 - DoS
May 11, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-1460 MEDIUM
GitLab 9.2-14.8.5, 14.9-14.9.3, 14.10 - Incorrect Authorization for Scheduled Pipelines
May 11, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-1433 LOW
GitLab 14.4-14.8.5, 14.9-14.9.3, 14.10 - Stored Cross-Site Scripting via Markdown Cache Invalidation Bypass
May 11, 2022
CVSS 2.6
EPSS 0.01
CVE-2022-1428 MEDIUM
GitLab < 14.8.6, 14.9 < 14.9.4, 14.10 < 14.10.1 - Allocation of Resources Without Limits or Throttling
May 11, 2022
CVSS 4.3
EPSS 0.01