gitlab
1,423 tracked vulnerabilities.
CVE-2022-1426
LOW
GitLab 12.6-14.8.5, 14.9-14.9.3, 14.10 - Improper Authentication
May 11, 2022
CVSS 2.0
EPSS 0.01
CVE-2022-1406
MEDIUM
GitLab 8.12-14.8.5, 14.9.0-14.9.3, 14.10.0 - CI/CD Variable Exposure via Malicious Project Import
May 11, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-1352
MEDIUM
GitLab 11.0-14.8.6, 14.9-14.9.4, 14.10-14.10.1 - Insecure Direct Object Reference in Issue API
May 11, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-1124
MEDIUM
GitLab < 14.8.6, 14.9.0-14.9.4, 14.10.0 - Incorrect Authorization for Job Trace Log Access
May 11, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1431
MEDIUM
GitLab 12.10-14.8.5, 14.9-14.9.3, 14.10 - Denial of Service via PyPi API Endpoint
May 10, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1417
MEDIUM
GitLab 8.12-14.8.5, 14.9-14.9.3, 14.10 - Unauthenticated Project Wiki Access via CI Job
May 10, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-0477
MEDIUM
GitLab <14.5.4, <14.6.4, <14.7.1 - DoS
Apr 25, 2022
CVSS 4.9
EPSS 0.01
CVE-2022-1193
MEDIUM
GitLab 10.7-14.7.7, 14.8-14.8.5, 14.9-14.9.2 - Unauthenticated Improper Access Control via Merge Requests
Apr 11, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1157
LOW
GitLab < 14.7.7, 14.8 < 14.8.5, 14.9 < 14.9.2 - Sensitive Information Exposure via Exception Log
Apr 11, 2022
CVSS 2.6
EPSS 0.01
CVE-2022-1190
HIGH
GitLab 8.3-14.7.7, 14.8-14.8.5, 14.9-14.9.2 - Stored Cross-Site Scripting via Multi-Word Milestone References
Apr 04, 2022
CVSS 8.7
EPSS 0.87
CVE-2022-1189
LOW
GitLab CE/EE <14.7.7-14.9.2 - Info Disclosure
Apr 04, 2022
CVSS 3.1
EPSS 0.01
CVE-2022-1188
LOW
GitLab 12.1-14.7.6, 14.8-14.8.4, 14.9-14.9.1 - Server-Side Request Forgery via Repository Mirroring
Apr 04, 2022
CVSS 3.7
EPSS 0.01
CVE-2022-1185
MEDIUM
GitLab 10.0.0-14.7.7 14.8.0-14.8.5 14.9.0-14.9.2 - Denial of Service via RDoc File Rendering
Apr 04, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-1175
HIGH
GitLab 14.4-14.6.7 14.8-14.8.4 14.9-14.9.1 - Stored Cross-Site Scripting via Notes
Apr 04, 2022
CVSS 8.7
EPSS 0.82
CVE-2022-1174
MEDIUM
GitLab 13.7-14.7.6, 14.8-14.8.4, 14.9-14.9.1 - DoS via Crafted Input
Apr 04, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1162
CRITICAL
NUCLEI
GitLab 14.7-14.7.6, 14.8-14.8.4, 14.9-14.9.1 - Authentication Bypass via Hardcoded OmniAuth Password
Apr 04, 2022
CVSS 9.1
EPSS 0.76
CVE-2022-1148
MEDIUM
GitLab CE/EE <14.7.7-14.9.2 - Info Disclosure
Apr 04, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-1121
MEDIUM
GitLab < 14.7.7, 14.8 < 14.8.5, 14.9 < 14.9.2 - Resource Consumption via GitLab Pages Timeout Bypass
Apr 04, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-1120
MEDIUM
GitLab < 14.7.7, 14.8 < 14.8.5, 14.9 < 14.9.2 - Sensitive Information Exposure via CI/CD Include Directive Error Message
Apr 04, 2022
CVSS 4.8
EPSS 0.01
CVE-2022-1111
LOW
GitLab CE/EE <14.9.2-14.8.5-14.0.7 - Info Disclosure
Apr 04, 2022
CVSS 2.4
EPSS 0.01
CVE-2022-1105
MEDIUM
GitLab CE/EE <14.7.7-14.9.2 - Info Disclosure
Apr 04, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1100
MEDIUM
GitLab 13.1-14.7.6, 14.8.0-14.8.4, 14.9.0-14.9.1 - Denial of Service via Release Asset Link Update API
Apr 04, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1099
MEDIUM
GitLab < 14.7.7, 14.8 < 14.8.5, 14.9 < 14.9.2 - Uncontrolled Resource Consumption via Runner Tag Addition
Apr 04, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-0740
LOW
GitLab CE/EE <14.7.7-14.9.2 - Auth Bypass
Apr 04, 2022
CVSS 3.1
EPSS 0.01
CVE-2022-0741
MEDIUM
GitLab 10.0.0-14.6.5 - Environment Variable Exposure via Sendmail Email Address Injection
Apr 01, 2022
CVSS 5.8
EPSS 0.01