VuXML ID | Description |
01974420-dfaf-11eb-ba49-001b217b3468 | Gitlab -- vulnerability
Gitlab reports:
Arbitrary file read via design feature
Discovery 2021-07-07 Entry 2021-07-08 gitlab-ce
ge 14.0.0 lt 14.0.4
ge 13.12.0 lt 13.12.8
ge 13.11.0 lt 13.11.7
https://about.gitlab.com/releases/2021/07/07/critical-security-release-gitlab-14-0-4-released/
|
01bde18a-2e09-11ea-a935-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Group Maintainers Can Update/Delete Group Runners Using API
GraphQL Queries Can Hang the Application
Unauthorized Users Have Access to Milestones of Releases
Private Group Name Revealed Through Protected Tags API
Users Can Publish Reviews on Locked Merge Requests
DoS in the Issue and Commit Comments Pages
Project Name Disclosed Through Unsubscribe Link
Private Project Name Disclosed Through Notification Settings
Discovery 2020-01-02 Entry 2020-01-03 gitlab-ce
ge 12.6.0 lt 12.6.2
ge 12.5.0 lt 12.5.6
ge 5.1.0 lt 12.4.7
https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20144
CVE-2019-20146
CVE-2019-20143
CVE-2019-20147
CVE-2019-20145
CVE-2019-20142
CVE-2019-20148
CVE-2020-5197
|
04422df1-40d8-11ed-9be7-454b1dd82c64 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
Denial of Service via cloning an issue
Arbitrary PUT request as victim user through Sentry error list
Content injection via External Status Checks
Project maintainers can access Datadog API Key from logs
Unsafe serialization of Json data could lead to sensitive data leakage
Import bug allows importing of private local git repos
Maintainer can leak Github access tokens by changing integration URL (even after 15.2.1 patch)
Unauthorized users able to create issues in any project
Bypass group IP restriction on Dependency Proxy
Healthcheck endpoint allow list can be bypassed when accessed over HTTP in an HTTPS enabled system
Disclosure of Todo details to guest users
A user's primary email may be disclosed through group member events webhooks
Content manipulation due to branch/tag name confusion with the default branch name
Leakage of email addresses in WebHook logs
Specially crafted output makes job logs inaccessible
Enforce editing approval rules on project level
Discovery 2022-09-29 Entry 2022-09-30 gitlab-ce
ge 15.4.0 lt 15.4.1
ge 15.3.0 lt 15.3.4
ge 9.3.0 lt 15.2.5
CVE-2022-3293
CVE-2022-3279
CVE-2022-3325
https://about.gitlab.com/releases/2022/09/29/security-release-gitlab-15-4-1-released/
CVE-2022-3283
CVE-2022-3060
CVE-2022-2904
CVE-2022-3018
CVE-2022-3291
CVE-2022-3067
CVE-2022-2882
CVE-2022-3066
CVE-2022-3286
CVE-2022-3285
CVE-2022-3330
CVE-2022-3351
CVE-2022-3288
|
065b3b72-c5ab-11e8-9ae2-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
SSRF GCP access token disclosure
Persistent XSS on issue details
Diff formatter DoS in Sidekiq jobs
Confidential information disclosure in events API endpoint
validate_localhost function in url_blocker.rb could be bypassed
Slack integration CSRF Oauth2
GRPC::Unknown logging token disclosure
IDOR merge request approvals
Persistent XSS package.json
Persistent XSS merge request project import
Discovery 2018-10-01 Entry 2018-10-01 gitlab-ce
ge 11.3.0 lt 11.3.1
ge 11.2.0 lt 11.2.4
ge 7.6.0 lt 11.1.7
https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-17450
CVE-2018-17454
CVE-2018-15472
CVE-2018-17449
CVE-2018-17452
CVE-2018-17451
CVE-2018-17453
CVE-2018-17455
CVE-2018-17537
CVE-2018-17536
|
0762fa72-e530-11e9-86e9-001b217b3468 | Gitlab -- Disclosure Vulnerabilities
Gitlab reports:
Disclosure of Private Code, Merge Requests and Commits via Elasticsearch integration
Discovery 2019-10-02 Entry 2019-10-02 gitlab-ce
ge 12.3.0 lt 12.3.3
ge 12.2.0 lt 12.2.7
ge 8.17.0 lt 12.1.13
https://about.gitlab.com/2019/10/02/security-release-gitlab-12-dot-3-dot-3-released/
|
08fba28b-6f9f-11ea-bd0b-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Arbitrary File Read when Moving an Issue
Path Traversal in NPM Package Registry
SSRF on Project Import
External Users Can Create Personal Snippet
Triggers Description Can be Updated by Other Maintainers in Project
Information Disclosure on Confidential Issues Moved to Private Programs
Potential DoS in Repository Archive Download
Blocked Users Can Still Pull/Push Docker Images
Repository Mirroring not Disabled when Feature not Activated
Vulnerability Feedback Page Was Leaking Information on Vulnerabilities
Stored XSS Vulnerability in Admin Feature
Upload Feature Allowed a User to Read Unauthorized Exported Files
Unauthorized Users Are Able to See CI Metrics
Last Pipeline Status of a Merge Request Leaked
Blind SSRF on FogBugz
Update Nokogiri dependency
Discovery 2020-03-26 Entry 2020-03-26 gitlab-ce
ge 12.9.0 lt 12.9.1
ge 12.8.0 lt 12.8.8
ge 0 lt 12.7.8
https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10953
CVE-2020-10956
CVE-2020-10954
CVE-2020-10952
CVE-2020-10955
CVE-2020-9795
|
0a305431-bc98-11ea-a051-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Missing Permission Check on Time Tracking
Cross-Site Scripting in PyPi Files API
Insecure Authorization Check on Private Project Security Dashboard
Cross-Site Scripting in References
Cross-Site Scripting in Group Names
Cross-Site Scripting in Blob Viewer
Cross-Site Scripting in Error Tracking
Insecure Authorisation Check on Creation and Deletion of Deploy Tokens
User Name Format Restriction Bypass
Denial of Service in Issue Comments
Cross-Site Scripting in Wiki Pages
Private Merge Request Updates Leaked via Todos
Private User Activity Leaked via API
Cross-Site Scripting in Bitbucket Import Feature
Github Project Restriction Bypass
Update PCRE Dependency
Update Kaminari Gem
Cross-Site Scripting in User Profile
Update Xterm.js
Discovery 2020-07-01 Entry 2020-07-02 gitlab-ce
ge 13.1.0 lt 13.1.2
ge 13.0.0 lt 13.0.8
ge 0 lt 12.10.13
https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/
CVE-2020-14155
CVE-2020-11082
CVE-2019-0542
|
0a8ebf4a-5660-11eb-b4e2-001b217b3468 | Gitlab -- vulnerability
Gitlab reports:
Ability to steal a user's API access token through GitLab Pages
Discovery 2021-01-14 Entry 2021-01-14 gitlab-ce
ge 13.7.0 lt 13.7.4
ge 13.6.0 lt 13.6.5
ge 12.2 lt 13.5.7
https://about.gitlab.com/releases/2021/01/14/critical-security-release-gitlab-13-7-4-released/
|
1020d401-6d2d-11eb-ab0b-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Improper Certificate Validation for Fortinet OTP
Denial of Service Attack on gitlab-shell
Resource exhaustion due to pending jobs
Confidential issue titles were exposed
Improper access control allowed demoted project members to access authored merge requests
Improper access control allowed unauthorized users to access analytic pages
Unauthenticated CI lint API may lead to information disclosure and SSRF
Prometheus integration in Gitlab may lead to SSRF
Discovery 2021-02-11 Entry 2021-02-12 gitlab-ce
ge 13.8.0 lt 13.8.4
ge 13.7.0 lt 13.7.7
ge 10.5 lt 13.6.7
https://about.gitlab.com/releases/2021/02/11/security-release-gitlab-13-8-4-released/
|
11292460-3f2f-11e9-adcb-001b217b3468 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
Arbitrary file read via MergeRequestDiff
CSRF add Kubernetes cluster integration
Blind SSRF in prometheus integration
Merge request information disclosure
IDOR milestone name information disclosure
Burndown chart information disclosure
Private merge request titles in public project information disclosure
Private namespace disclosure in email notification when issue is moved
Milestone name disclosure
Issue board name disclosure
NPM automatic package referencer
Path traversal snippet mover
Information disclosure repo existence
Issue DoS via Mermaid
Privilege escalation impersonate user
Discovery 2019-03-04 Entry 2019-03-05 gitlab-ce
ge 11.8.0 lt 11.8.1
ge 11.7.0 lt 11.7.6
ge 2.9.0 lt 11.6.10
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9221
CVE-2019-9176
CVE-2019-9174
CVE-2019-9172
CVE-2019-9170
CVE-2019-9175
CVE-2019-9178
CVE-2019-9179
CVE-2019-9171
CVE-2019-9224
CVE-2019-9225
CVE-2019-9219
CVE-2019-9217
CVE-2019-9222
CVE-2019-9223
CVE-2019-9220
CVE-2019-9485
|
1138b39e-6abb-11e9-a685-001b217b3468 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
Moving an Issue to Private Repo Leaks Project Namespace
Notification Emails Sent to Restricted Users
Unauthorized Comments on Confidential Issues
Merge Request Approval Count Inflation
Unsanitized Branch Names on New Merge Request Notification Emails
Improper Sanitation of Credentials in Gitaly
Discovery 2019-04-29 Entry 2019-04-29 gitlab-ce
ge 11.10.0 lt 11.10.2
ge 11.9.0 lt 11.9.10
ge 6.0.0 lt 11.8.9
https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
CVE-2019-11545
CVE-2019-11544
CVE-2019-11548
CVE-2019-11546
CVE-2019-11547
CVE-2019-11549
|
16f7ec68-5cce-11ed-9be7-454b1dd82c64 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
DAST analyzer sends custom request headers with every request
Stored-XSS with CSP-bypass via scoped labels' color
Maintainer can leak Datadog API key by changing integration URL
Uncontrolled resource consumption when parsing URLs
Issue HTTP requests when users view an OpenAPI document and click buttons
Command injection in CI jobs via branch name in CI pipelines
Open redirection
Prefill variables do not check permission of the project in external CI config
Disclosure of audit events to insufficiently permissioned group and project members
Arbitrary GFM references rendered in Jira issue description leak private/confidential resources
Award emojis API for an internal note is accessible to users without access to the note
Open redirect in pipeline artifacts when generating HTML documents
Retrying a job in a downstream pipeline allows the retrying user to take ownership of the retried jobs in upstream pipelines
Project-level Secure Files can be written out of the target directory
Discovery 2022-11-02 Entry 2022-11-05 gitlab-ce
ge 15.5.0 lt 15.5.2
ge 15.4.0 lt 15.4.4
ge 9.3.0 lt 15.3.5
CVE-2022-3767
CVE-2022-3265
CVE-2022-3483
CVE-2022-3818
CVE-2022-3726
CVE-2022-2251
CVE-2022-3486
CVE-2022-3793
CVE-2022-3413
CVE-2022-2761
CVE-2022-3819
CVE-2022-3280
CVE-2022-3706
https://about.gitlab.com/releases/2022/11/02/security-release-gitlab-15-5-2-released/
|
174e466b-1d48-11eb-bd0f-001b217b3468 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
Path Traversal in LFS Upload
Path traversal allows saving packages in arbitrary location
Kubernetes agent API leaks private repos
Terraform state deletion API exposes object storage URL
Stored-XSS in error message of build-dependencies
Git credentials persisted on disk
Potential Denial of service via container registry
Info leak when group is transferred from private to public group
Limited File Disclosure Via Multipart Bypass
Unauthorized user is able to access scheduled pipeline variables and values
CSRF in runner administration page allows an attacker to pause/resume runners
Regex backtracking attack in path parsing of Advanced Search result
Bypass of required CODEOWNERS approval
SAST CiConfiguration information visible without permissions
Discovery 2020-11-02 Entry 2020-11-02 gitlab-ce
ge 13.5.0 lt 13.5.2
ge 13.4.0 lt 13.4.5
ge 8.8.9 lt 13.3.9
https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
CVE-2020-13355
CVE-2020-26405
CVE-2020-13358
CVE-2020-13359
CVE-2020-13340
CVE-2020-13353
CVE-2020-13354
CVE-2020-13352
CVE-2020-13356
CVE-2020-13351
CVE-2020-13350
CVE-2020-13349
CVE-2020-13348
|
1aa7a094-1147-11ea-b537-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Path traversal with potential remote code execution
Private objects exposed through project import
Disclosure of notes via Elasticsearch integration
Disclosure of comments via Elasticsearch integration
DNS Rebind SSRF in various chat notifications
Disclosure of vulnerability status in dependency list
Disclosure of commit count in Cycle Analytics
Exposure of related branch names
Tags pushes from blocked users
Branches and Commits exposed to Guest members via integration
IDOR when adding users to protected environments
Former project members able to access repository information
Unauthorized access to grafana metrics
Todos created for former project members
Update Mattermost dependency
Disclosure of AWS secret keys on certain Admin pages
Stored XSS in Group and User profile fields
Forked project information disclosed via Project API
Denial of Service in the issue and commit comment pages
Tokens stored in plaintext
Discovery 2019-11-27 Entry 2019-11-27 gitlab-ce
ge 12.5.0 lt 12.5.1
ge 12.4.0 lt 12.4.4
lt 12.3.7
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19088
CVE-2019-19309
CVE-2019-19086
CVE-2019-19087
CVE-2019-19261
CVE-2019-19256
CVE-2019-19254
CVE-2019-19257
CVE-2019-19263
CVE-2019-19258
CVE-2019-19259
CVE-2019-19260
CVE-2019-19262
CVE-2019-19255
CVE-2019-19310
CVE-2019-19311
CVE-2019-19312
CVE-2019-19313
CVE-2019-19314
|
1bdd4db6-2223-11ec-91be-001b217b3468 | Gitlab -- vulnerabilities
Gitlab reports:
Stored XSS in merge request creation page
Denial-of-service attack in Markdown parser
Stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown
DNS Rebinding vulnerability in Gitea importer
Exposure of trigger tokens on project exports
Improper access control for users with expired password
Access tokens are not cleared after impersonation
Reflected Cross-Site Scripting in Jira Integration
DNS Rebinding vulnerability in Fogbugz importer
Access tokens persist after project deletion
User enumeration vulnerability
Potential DOS via API requests
Pending invitations of public groups and public projects are visible to any user
Bypass Disabled Repo by URL Project Creation
Low privileged users can see names of the private groups shared in projects
API discloses sensitive info to low privileged users
Epic listing does not honour group memberships
Insecure Direct Object Reference vulnerability may lead to protected branch names getting disclosed
Low privileged users can import users from projects that they are not a maintainer on
Potential DOS via dependencies API
Create a project with unlimited repository size through malicious Project Import
Bypass disabled Bitbucket Server import source project creation
Requirement to enforce 2FA is not honored when using git commands
Content spoofing vulnerability
Improper session management in impersonation feature
Create OAuth application with arbitrary scopes through content spoofing
Lack of account lockout on change password functionality
Epic reference was not updated while moved between groups
Missing authentication allows disabling of two-factor authentication
Information disclosure in SendEntry
Discovery 2021-09-30 Entry 2021-09-30 gitlab-ce
ge 14.3.0 lt 14.3.1
ge 14.2.0 lt 14.2.5
ge 0 lt 14.1.7
CVE-2021-39885
CVE-2021-39877
CVE-2021-39887
CVE-2021-39867
CVE-2021-39869
CVE-2021-39872
CVE-2021-39878
CVE-2021-39866
CVE-2021-39882
CVE-2021-39875
CVE-2021-39870
CVE-2021-39884
CVE-2021-39883
CVE-2021-22259
CVE-2021-39868
CVE-2021-39871
CVE-2021-39874
CVE-2021-39873
CVE-2021-39881
CVE-2021-39886
CVE-2021-39879
https://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/
|
1cd89254-b2db-11e9-8001-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
GitHub Integration SSRF
Trigger Token Impersonation
Build Status Disclosure
SSRF Mitigation Bypass
Information Disclosure New Issue ID
IDOR Label Name Enumeration
Persistent XSS Wiki Pages
User Revocation Bypass with Mattermost Integration
Arbitrary File Upload via Import Project Archive
Information Disclosure Vulnerability Feedback
Persistent XSS via Email
Denial Of Service Epic Comments
Email Verification Bypass
Override Merge Request Approval Rules
Discovery 2019-07-29 Entry 2019-07-30 gitlab-ce
ge 12.1.0 lt 12.1.2
ge 12.0.0 lt 12.0.4
ge 8.9.0 lt 11.11.7
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
|
1d651770-f4f5-11eb-ba49-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Stored XSS in Mermaid when viewing Markdown files
Stored XSS in default branch name
Perform Git actions with an impersonation token even if impersonation is disabled
Tag and branch name confusion allows Developer to access protected CI variables
New subscriptions generate OAuth tokens on an incorrect OAuth client application
Ability to list and delete impersonation tokens for your own user
Pipelines page is partially visible for users that have no right to see CI/CD
Improper email validation on an invite URL
Unauthorised user was able to add metadata upon issue creation
Unauthorized user can trigger deployment to a protected environment
Guest in private project can see CI/CD Analytics
Guest users can create issues for Sentry errors and track their status
Private user email disclosure via group invitation
Projects are allowed to add members with email address domain that should be blocked by group settings
Misleading username could lead to impersonation in using SSH Certificates
Unauthorized user is able to access and view project vulnerability reports
Denial of service in repository caused by malformed commit author
Discovery 2021-08-03 Entry 2021-08-04 gitlab-ce
ge 14.1.0 lt 14.1.2
ge 14.0.0 lt 14.0.7
ge 0 lt 13.12.9
CVE-2021-22237
CVE-2021-22236
CVE-2021-22239
https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
|
1ece5591-4ea9-11ea-86f0-001b217b3468 | Gitlab -- Vulnerability
Gitlab reports:
Incorrect membership handling of group sharing feature
Discovery 2020-02-13 Entry 2020-02-13 gitlab-ce
ge 12.7.0 lt 12.7.6
ge 12.6.0 lt 12.6.7
ge 12.5.0 lt 12.5.10
https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/
CVE-2020-8795
|
1fb13175-ed52-11ea-8b93-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Vendor Cross-Account Assume-Role Attack
Stored XSS on the Vulnerability Page
Outdated Job Token Can Be Reused to Access Unauthorized Resources
File Disclosure Via Workhorse File Upload Bypass
Unauthorized Maintainer Can Edit Group Badge
Denial of Service Within Wiki Functionality
Sign-in Vulnerable to Brute-force Attacks
Invalidated Session Allows Account Access With an Old Password
GitLab Omniauth Endpoint Renders User Controlled Messages
Blind SSRF Through Repository Mirroring
Information Disclosure Through Incorrect Group Permission Verifications
No Rate Limit on GitLab Webhook Feature
GitLab Session Revocation Feature Does Not Invalidate All Sessions
OAuth Authorization Scope for an External Application Can Be Changed Without User Consent
Unauthorized Maintainer Can Delete Repository
Improper Verification of Deploy-Key Leads to Access Restricted Repository
Disabled Repository Still Accessible With a Deploy-Token
Duplicated Secret Code Generated by 2 Factor Authentication Mechanism
Lack of Validation Within Project Invitation Flow
Current Sessions Not Invalidated Upon Enabling 2 Factor Authentication
Users Without 2 Factor Authentication Can Be Blocked Accessing GitLab
Lack of Upper Bound Check Leading to Possible Denial of Service
2 Factor Authentication for Groups Was Not Enforced Within API Endpoint
GitLab Runner Denial of Service via CI Jobs
Update jQuery Dependency
Discovery 2020-09-02 Entry 2020-09-02 gitlab-ce
ge 13.3.0 lt 13.3.4
ge 13.2.0 lt 13.2.8
ge 0 lt 13.1.10
https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13318
CVE-2020-13301
CVE-2020-13284
CVE-2020-13298
CVE-2020-13313
CVE-2020-13311
CVE-2020-13289
CVE-2020-13302
CVE-2020-13314
CVE-2020-13309
CVE-2020-13287
CVE-2020-13306
CVE-2020-13299
CVE-2020-13300
CVE-2020-13317
CVE-2020-13303
CVE-2020-13316
CVE-2020-13304
CVE-2020-13305
CVE-2020-13307
CVE-2020-13308
CVE-2020-13315
CVE-2020-13297
CVE-2020-13310
CVE-2020-11022
|
21944144-1b90-11ea-a2d4-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Path traversal with potential remote code execution
Disclosure of private code via Elasticsearch integration
Update Git dependency
Discovery 2019-12-10 Entry 2019-12-10 gitlab-ce
ge 12.5.0 lt 12.5.4
ge 12.4.0 lt 12.4.6
ge 10.5.0 lt 12.3.9
https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/
CVE-2019-19628
CVE-2019-19629
CVE-2019-19604
|
23413442-c8ea-11e8-b35c-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Merge request information disclosure
Private project namespace information disclosure
Gitlab Flavored Markdown API information disclosure
Discovery 2018-10-05 Entry 2018-10-05 gitlab-ce
ge 11.3.0 lt 11.3.4
ge 11.2.0 lt 11.2.5
ge 10.2.0 lt 11.1.8
https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/
CVE-2018-17939
CVE-2018-17976
CVE-2018-17975
|
2823048d-9f8f-11ec-8c9c-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Runner registration token disclosure through Quick Actions
Unprivileged users can add other users to groups through an API endpoint
Inaccurate display of Snippet contents can be potentially misleading to users
Environment variables can be leaked via the sendmail delivery method
Unauthenticated user enumeration on GraphQL API
Adding a mirror with SSH credentials can leak password
Denial of Service via user comments
Discovery 2022-02-25 Entry 2022-03-09 gitlab-ce
ge 14.8.0 lt 14.8.2
ge 14.7.0 lt 14.7.4
ge 0 lt 14.6.5
CVE-2022-0735
CVE-2022-0549
CVE-2022-0751
CVE-2022-0741
CVE-2021-4191
CVE-2022-0738
CVE-2022-0489
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
|
2da838f9-9168-11e8-8c75-d8cb8abf62dd | Gitlab -- multiple vulnerabilities
Gitlab reports:
Markdown DoS
Information Disclosure Prometheus Metrics
CSRF in System Hooks
Persistent XSS Pipeline Tooltip
Persistent XSS in Branch Name via Web IDE
Persistent XSS in Branch Name via Web IDE
Discovery 2018-07-26 Entry 2018-07-27 gitlab-ce
ge 11.1.0 lt 11.1.2
ge 11.0.0 lt 11.0.5
ge 2.7.0 lt 10.8.7
CVE-2018-14601
CVE-2018-14602
CVE-2018-14603
CVE-2018-14604
CVE-2018-14605
CVE-2018-14606
https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
|
33557582-3958-11ec-90ba-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Stored XSS via ipynb files
Pipeline schedules on imported projects can be set to automatically active after import
Potential Denial of service via Workhorse
Improper Access Control allows Merge Request creator to bypass locked status
Projects API discloses ID and name of private groups
Severity of an incident can be changed by a guest user
System root password accidentally written to log file
Potential DoS via a malformed TIFF image
Bypass of CODEOWNERS Merge Request approval requirement
Change project visibility to a restricted option
Project exports leak external webhook token value
SCIM token is visible after creation
Invited group members, with access inherited from parent group, continue to have project access even after invited subgroup is transferred
Regular expression denial of service issue when cleaning namespace path
Prevent creation of scopeless apps using applications API
Webhook data exposes assignee's private email address
Discovery 2021-10-28 Entry 2021-10-30 gitlab-ce
ge 14.4.0 lt 14.4.1
ge 14.3.0 lt 14.3.4
ge 0 lt 14.2.6
CVE-2021-39906
CVE-2021-39895
CVE-2021-39907
CVE-2021-39904
CVE-2021-39905
CVE-2021-39902
CVE-2021-39913
CVE-2021-39912
CVE-2021-39909
CVE-2021-39903
CVE-2021-39898
CVE-2021-39901
CVE-2021-39897
CVE-2021-39914
CVE-2021-39911
https://about.gitlab.com/releases/2021/10/28/security-release-gitlab-14-4-1-released/
|
3507bfb3-85d5-11ec-8c9c-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Arbitrary POST requests via special HTML attributes in Jupyter Notebooks
DNS Rebinding vulnerability in Irker IRC Gateway integration
Missing certificate validation for external CI services
Blind SSRF Through Project Import
Open redirect vulnerability in Jira Integration
Issue link was disclosing the linked issue
Service desk email accessible by project non-members
Authenticated users can search other users by their private email
"External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request
Deleting packages in bulk from package registries may cause table locks
Autocomplete enabled on specific pages
Possible SSRF due to not blocking shared address space
System notes reveals private project path when Issue is moved to a public project
Timeout for pages using Markdown
Certain branch names could not be protected
Discovery 2022-02-03 Entry 2022-02-04 gitlab-ce
ge 14.7.0 lt 14.7.1
ge 14.6.0 lt 14.6.4
ge 0 lt 14.5.4
CVE-2022-0427
CVE-2022-0425
CVE-2022-0123
CVE-2022-0136
CVE-2022-0283
CVE-2022-0390
CVE-2022-0373
CVE-2022-0371
CVE-2021-39943
CVE-2022-0477
CVE-2022-0167
CVE-2022-0249
CVE-2022-0344
CVE-2022-0488
CVE-2021-39931
https://about.gitlab.com/releases/2022/02/03/security-release-gitlab-14-7-1-released/
|
3a023570-91ab-11ed-8950-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Race condition on gitlab.com enables verified email forgery and third-party account hijacking
DOS and high resource consumption of Prometheus server through abuse of Grafana integration proxy endpoint
Maintainer can leak sentry token by changing the configured URL
Maintainer can leak masked webhook secrets by changing target URL of the webhook
Cross-site scripting in wiki changes page affecting self-hosted instances running without strict CSP
Group access tokens continue to work after owner loses ability to revoke them
Users' avatar disclosure by user ID in private GitLab instances
Arbitrary Protocol Redirection in GitLab Pages
Regex DoS due to device-detector parsing user agents
Regex DoS in the Submodule Url Parser
Discovery 2023-01-09 Entry 2023-01-11 gitlab-ce
ge 15.7.0 lt 15.7.2
ge 15.6.0 lt 15.6.4
ge 6.6.0 lt 15.5.7
CVE-2022-4037
CVE-2022-3613
CVE-2022-4365
CVE-2022-4342
CVE-2022-3573
CVE-2022-4167
CVE-2022-3870
CVE-2023-0042
CVE-2022-4131
CVE-2022-3514
https://about.gitlab.com/releases/2023/01/09/security-release-gitlab-15-7-2-released/
|
3cde510a-7135-11ed-a28b-bff032704f00 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
DAST API scanner exposes Authorization headers in vulnerabilities
Group IP allow-list not fully respected by the Package Registry
Deploy keys and tokens may bypass External Authorization service if it is enabled
Repository import still allows importing of 40-hexadecimal-character branch names
Webhook secret tokens leaked in webhook logs
Maintainer can leak webhook secret token by changing the webhook URL
Cross-site scripting in Jira Integration affecting self-hosted instances without strict CSP
Release names visible in public projects despite release set as project members only
Sidekiq background job DoS by uploading malicious NuGet packages
SSRF in Web Terminal advertise_address
Discovery 2022-11-30 Entry 2022-12-01 gitlab-ce
ge 15.6.0 lt 15.6.1
ge 15.5.0 lt 15.5.5
ge 9.3.0 lt 15.4.6
CVE-2022-4206
CVE-2022-3820
CVE-2022-3740
CVE-2022-4205
CVE-2022-3902
CVE-2022-4054
CVE-2022-3572
CVE-2022-3482
CVE-2022-3478
CVE-2022-4201
https://about.gitlab.com/releases/2022/11/30/security-release-gitlab-15-6-1-released/
|
4091069e-860b-11e9-a05f-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Remote Command Execution Vulnerability on Repository Download Feature
Confidential Issue Titles Revealed to Restricted Users on Unsubscribe
Disclosure of Milestone Metadata through the Search API
Private Project Discovery via Comment Links
Metadata of Confidential Issues Disclosed to Restricted Users
Mandatory External Authentication Provider Sign-In Restrictions Bypass
Internal Projects Allowed to Be Created in Private Groups
Server-Side Request Forgery Through DNS Rebinding
Stored Cross-Site Scripting on Wiki Pages
Stored Cross-Site Scripting on Notes
Repository Password Disclosed on Import Error Page
Protected Branches Restriction Rules Bypass
Stored Cross-Site Scripting Vulnerability on Child Epics
Discovery 2019-06-03 Entry 2019-06-03 gitlab-ce
ge 11.11.0 lt 11.11.1
ge 11.10.0 lt 11.10.5
ge 6.8.0 lt 11.9.12
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12430
CVE-2019-12432
CVE-2019-12431
CVE-2019-12434
CVE-2019-12429
CVE-2019-12428
CVE-2019-12433
CVE-2019-12443
CVE-2019-12444
CVE-2019-12445
CVE-2019-12446
CVE-2019-12441
CVE-2019-12442
|
40bfab16-a68b-11ea-9ea5-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
CI Token Access Control
Discovery 2020-06-03 Entry 2020-06-04 gitlab-ce
ge 13.0.0 lt 13.0.4
ge 12.10.0 lt 12.10.9
ge 10.6.0 lt 12.9.9
https://about.gitlab.com/releases/2020/06/03/critical-security-release-13-0-4-released/
|
43ee6c1d-29ee-11e9-82a1-001b217b3468 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
Leak of Confidential Issue and Merge Request Titles
Persistent XSS in User Status
Discovery 2019-02-05 Entry 2019-02-06 gitlab-ce
ge 11.7.0 lt 11.7.4
ge 11.6.0 lt 11.6.9
https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/
CVE-2019-7353
CVE-2019-6796
|
43f84437-73ab-11ec-a587-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Arbitrary file read via group import feature
Stored XSS in notes
Lack of state parameter on GitHub import project OAuth
Vulnerability related fields are available to unauthorized users on GraphQL API
Deleting packages may cause table locks
IP restriction bypass via GraphQL
Repository content spoofing using Git replacement references
Users can import members from projects that they are not a maintainer on through API
Possibility to direct user to malicious site through Slack integration
Bypassing file size limits to the NPM package repository
User with expired password can still access sensitive information
Incorrect port validation allows access to services on ports 80 and 443 if GitLab is configured to run on another port
Discovery 2022-01-11 Entry 2022-01-12 gitlab-ce
ge 14.6.0 lt 14.6.2
ge 14.5.0 lt 14.5.3
ge 7.7 lt 14.4.5
CVE-2021-39946
CVE-2022-0154
CVE-2022-0152
CVE-2022-0151
CVE-2022-0172
CVE-2022-0090
CVE-2022-0125
CVE-2022-0124
CVE-2021-39942
CVE-2022-0093
CVE-2021-39927
https://about.gitlab.com/releases/2022/01/11/security-release-gitlab-14-6-2-released/
|
467b7cbe-257d-11e9-8573-001b217b3468 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
Remote Command Execution via GitLab Pages
Covert Redirect to Steal GitHub/Bitbucket Tokens
Remote Mirror Branches Leaked by Git Transfer Refs
Denial of Service with Markdown
Guests Can View List of Group Merge Requests
Guest Can View Merge Request Titles via System Notes
Persistent XSS via KaTeX
Emails Sent to Unauthorized Users
Hyperlink Injection in Notification Emails
Unauthorized Access to LFS Objects
Trigger Token Exposure
Upgrade Rails to 5.0.7.1 and 4.2.11
Contributed Project Information Visible in Private Profile
Imported Project Retains Prior Visibility Setting
Error disclosure on Project Import
Persistent XSS in User Status
Last Commit Status Leaked to Guest Users
Mitigations for IDN Homograph and RTLO Attacks
Access to Internal Wiki When External Wiki Enabled
User Can Comment on Locked Project Issues
Unauthorized Reaction Emojis by Guest Users
User Retains Project Role After Removal from Private Group
GitHub Token Leaked to Maintainers
Unauthenticated Blind SSRF in Jira Integration
Unauthorized Access to Group Membership
Validate SAML Response in Group SAML SSO
Discovery 2019-01-31 Entry 2019-01-31 gitlab-ce
ge 11.7.0 lt 11.7.3
ge 11.6.0 lt 11.6.8
ge 0.0.0 lt 11.5.10
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6783
CVE-2019-6788
CVE-2019-6785
CVE-2019-6790
CVE-2019-6997
CVE-2019-6784
CVE-2019-6789
CVE-2019-6781
CVE-2019-6786
CVE-2019-6787
CVE-2018-16476
CVE-2019-6782
CVE-2019-6791
CVE-2019-6792
CVE-2019-6796
CVE-2019-6794
CVE-2019-6795
CVE-2019-6960
CVE-2019-6995
CVE-2019-7176
CVE-2019-7155
CVE-2019-6797
CVE-2019-6793
CVE-2019-6996
|
4c26f668-0fd2-11ed-a83d-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Revoke access to confidential notes todos
Pipeline subscriptions trigger new pipelines with the wrong author
Ability to gain access to private project through an email invite by using another user's email address as an unverified secondary email
Import via git protocol allows bypassing checks on repository
Unauthenticated IP allowlist bypass when accessing job artifacts through GitLab Pages
Maintainer can leak Packagist and other integration access tokens by changing integration URL
Unauthenticated access to victim's Grafana datasources through path traversal
Unauthorized users can filter issues by contact and organization
Malicious Maintainer may change the visibility of project or a group
Stored XSS in job error messages
Enforced group MFA can be bypassed when using Resource Owner Password Credentials grant
Non project members can view public project's Deploy Keys
IDOR in project with Jira integration leaks project owner's other projects Jira issues
Group Bot Users and Tokens not deleted after group deletion
Email invited members can join projects even after the member lock has been enabled
Datadog integration returns user emails
Discovery 2022-07-28 Entry 2022-07-30 gitlab-ce
ge 15.2.0 lt 15.2.1
ge 15.1.0 lt 15.1.4
ge 0 lt 15.0.5
CVE-2022-2512
CVE-2022-2498
CVE-2022-2326
CVE-2022-2417
CVE-2022-2501
CVE-2022-2497
CVE-2022-2531
CVE-2022-2539
CVE-2022-2456
CVE-2022-2500
CVE-2022-2303
CVE-2022-2095
CVE-2022-2499
CVE-2022-2307
CVE-2022-2459
CVE-2022-2534
https://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
|
4ce7c28a-11ac-11ea-b537-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Unauthorized access to grafana metrics
Update Mattermost dependency
Discovery 2019-11-27 Entry 2019-11-28 gitlab-ce
ge 12.5.0 lt 12.5.2
ge 12.4.0 lt 12.4.5
ge 11.9.0 lt 12.3.8
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-2-released/
CVE-2019-19262
|
4ea507d1-9da8-11e9-a759-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Ability to Write a Note to a Private Snippet
Recent Pipeline Information Disclosed to Unauthorised Users
Resource Exhaustion Attack
Error Caused by Encoded Characters in Comments
Authorization Issues in GraphQL
Number of Merge Requests was Accessible
Enabling One of the Service Templates Could Cause Resource Depletion
Broken Access Control for the Content of Personal Snippets
Decoding Color Codes Caused Resource Depletion
Merge Request Template Name Disclosure
SSRF Vulnerability in Project GitHub Integration
Discovery 2019-07-03 Entry 2019-07-03 gitlab-ce
ge 12.0.0 lt 12.0.3
ge 11.11.0 lt 11.11.5
ge 8.3.0 lt 11.10.8
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13001
CVE-2019-13002
CVE-2019-13003
CVE-2019-13004
CVE-2019-13005
CVE-2019-13006
CVE-2019-13007
CVE-2019-13009
CVE-2019-13010
CVE-2019-13011
CVE-2019-13121
|
4faac805-6be0-11e9-a685-001b217b3468 | Gitlab -- Information Disclosure
Gitlab reports:
Information Disclosure with Limited Scope Token
Discovery 2019-04-30 Entry 2019-05-01 gitlab-ce
ge 11.10.0 lt 11.10.3
ge 11.9.0 lt 11.9.11
ge 11.8.0 lt 11.8.10
https://about.gitlab.com/2019/04/30/security-release-gitlab-11-dot-10-dot-3-released/
CVE-2019-11605
|
50e59056-87f2-11eb-b6a2-001b217b3468 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
Remote code execution via unsafe user-controlled markdown rendering options
Discovery 2021-03-17 Entry 2021-03-18 gitlab-ce
ge 13.9.0 lt 13.9.4
ge 13.8.0 lt 13.8.6
ge 13.2.0 lt 13.7.9
https://about.gitlab.com/releases/2021/03/17/security-release-gitlab-13-9-4-released/
|
518a119c-a864-11eb-8ddb-001b217b3468 | Gitlab -- Vulnerabilities
Gitlab reports:
Read API scoped tokens can execute mutations
Pull mirror credentials were exposed
Denial of Service when querying repository branches API
Non-owners can set system_note_timestamp when creating / updating issues
DeployToken will impersonate a User with the same ID when using Dependency Proxy
Discovery 2021-04-28 Entry 2021-04-28 gitlab-ce
ge 13.11.0 lt 13.11.2
ge 13.10.0 lt 13.10.4
ge 11.6.0 lt 13.9.7
https://about.gitlab.com/releases/2021/04/28/security-release-gitlab-13-11-2-released/
CVE-2021-22209
CVE-2021-22206
CVE-2021-22210
CVE-2021-22208
CVE-2021-22211
|
56abf87b-96ad-11eb-a218-001b217b3468 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
Arbitrary File Read During Project Import
Kroki Arbitrary File Read/Write
Stored Cross-Site-Scripting in merge requests
Access data of an internal project through a public project fork as an anonymous user
Incident metric images can be deleted by any user
Infinite Loop When a User Accesses a Merge Request
Stored XSS in scoped labels
Admin CSRF in System Hooks Execution Through API
Update OpenSSL dependency
Update PostgreSQL dependency
Discovery 2021-03-31 Entry 2021-04-06 gitlab-ce
ge 13.10.0 lt 13.10.1
ge 13.9.0 lt 13.9.5
ge 9 lt 13.8.7
https://about.gitlab.com/releases/2021/03/31/security-release-gitlab-13-10-1-released/
|
570706ff-7ee0-11ea-bd0b-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
NuGet Package and File Disclosure through GitLab Workhorse
Job Artifact Uploads and File Disclosure through GitLab Workhorse
Incorrect membership following group removal
Logging of Praefect tokens
Update Rack dependency
Update OpenSSL dependency
Discovery 2020-04-14 Entry 2020-04-15 gitlab-ce
ge 12.9.0 lt 12.9.3
ge 12.8.0 lt 12.8.9
ge 0 lt 12.7.9
https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11505
CVE-2020-11506
CVE-2020-11649
CVE-2020-16782
|
5d5e5cda-38e6-11eb-bbbf-001b217b3468 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
XSS in Zoom Meeting URL
Limited Information Disclosure in Private Profile
User email exposed via GraphQL endpoint
Group and project membership potentially exposed via GraphQL
Search terms logged in search parameter in rails logs
Un-authorised access to feature flag user list
A specific query on the explore page causes statement timeouts
Exposure of starred projects on private user profiles
Uncontrolled Resource Consumption in any Markdown field using Mermaid
Former group members able to view updates to confidential epics
Update GraphicsMagick dependency
Update GnuPG dependency
Update libxml dependency
Discovery 2020-12-07 Entry 2020-12-07 gitlab-ce
ge 13.6.0 lt 13.6.2
ge 13.5.0 lt 13.5.5
ge 12.2 lt 13.4.9
https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
CVE-2020-26407
CVE-2020-26408
CVE-2020-13357
CVE-2020-26411
CVE-2020-26409
|
5f52d646-c31f-11eb-8dcf-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Stealing GitLab OAuth access tokens using XSLeaks in Safari
Denial of service through recursive triggered pipelines
Unauthenticated CI lint API may lead to information disclosure and SSRF
Server-side DoS through rendering crafted Markdown documents
Issue and merge request length limit is not being enforced
Insufficient Expired Password Validation
XSS in blob viewer of notebooks
Logging of Sensitive Information
On-call rotation information exposed when removing a member
Spoofing commit author for signed commits
Enable qsh verification for Atlassian Connect
Discovery 2021-06-01 Entry 2021-06-01 gitlab-ce
ge 13.12.0 lt 13.12.2
ge 13.11.0 lt 13.11.5
ge 7.10.0 lt 13.10.5
CVE-2021-22181
https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
|
62f2182c-5f7a-11ea-abb7-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Directory Traversal to Arbitrary File Read
Account Takeover Through Expired Link
Server Side Request Forgery Through Deprecated Service
Group Two-Factor Authentication Requirement Bypass
Stored XSS in Merge Request Pages
Stored XSS in Merge Request Submission Form
Stored XSS in File View
Stored XSS in Grafana Integration
Contribution Analytics Exposed to Non-members
Incorrect Access Control in Docker Registry via Deploy Tokens
Denial of Service via Permission Checks
Denial of Service in Design For Public Issue
Incorrect Access Control via LFS Import
Unescaped HTML in Header
Private Merge Request Titles Leaked via Widget
Project Namespace Exposed via Vulnerability Feedback Endpoint
Denial of Service Through Recursive Requests
Project Authorization Not Being Updated
Incorrect Permission Level For Group Invites
Disclosure of Private Group Epic Information
User IP Address Exposed via Badge images
Discovery 2020-03-04 Entry 2020-03-06 gitlab-ce
ge 12.8.0 lt 12.8.2
ge 12.7.0 lt 12.7.7
ge 0 lt 12.6.8
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-8113
|
66d1c277-652a-11eb-bb3f-001b217b3468 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
Stored XSS in merge request
Stored XSS in epic's pages
Sensitive GraphQL variables exposed in structured log
Guest user can see tag names in private projects
Information disclosure via error message
DNS rebinding protection bypass
Validate existence of private project
Discovery 2021-02-01 Entry 2021-02-02 gitlab-ce
ge 13.8.0 lt 13.8.2
ge 13.7.0 lt 13.7.6
ge 11.8 lt 13.6.6
https://about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/
CVE-2021-22172
CVE-2021-22169
|
69cf62a8-a0aa-11ea-9ea5-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
User Email Verification Bypass
OAuth Flow Missing Email Verification Checks
Notification Email Verification Bypass
Undisclosed Vulnerability on a Third-Party Rendering Engine
Group Sign-Up Restriction Bypass
Mirror Project Owner Impersonation
Missing Permission Check on Fork Relation Creation
Cross-Site Scripting in Repository Files API
Kubernetes Cluster Token Disclosure
Object Storage File Enumeration
Insecure Authorization Check on Project Deploy Keys
Cross-Site Scripting on Metrics Dashboard
Denial of Service on Custom Dashboards
Client-Side Code Injection through Mermaid Markup
Cross-Site Scripting on Static Site Editor
Disclosure of Amazon EKS Credentials
Denial of Service on Workhorse
Discovery 2020-05-27 Entry 2020-05-28 gitlab-ce
ge 13.0.0 lt 13.0.1
ge 12.10.0 lt 12.10.7
ge 12.9.0 lt 12.9.8
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
|
6c22bb39-0a9a-11ec-a265-001b217b3468 | Gitlab -- Vulnerabilities
Gitlab reports:
Stored XSS in DataDog Integration
Invited group members continue to have project access even after invited group is deleted
Specially crafted requests to apollo_upload_server middleware lead to denial of service
Privilege escalation of an external user through project token
Missing access control allows non-admin users to add/remove Jira Connect Namespaces
User enumeration on private instances
Member e-mails can be revealed via project import/export feature
Stored XSS in Jira integration
Stored XSS in markdown via the Design reference
Discovery 2021-08-31 Entry 2021-08-31 gitlab-ce
ge 14.2.0 lt 14.2.2
ge 14.1.0 lt 14.1.4
ge 0 lt 14.0.9
CVE-2021-22257
CVE-2021-22258
CVE-2021-22238
https://about.gitlab.com/releases/2021/08/31/security-release-gitlab-14-2-2-released/
|
6eddfa51-fb44-11e9-86e9-001b217b3468 | Gitlab -- Disclosure Vulnerabilities
Gitlab reports:
Source branch of a MR could be removed by an unauthorised user
Private group members could be listed
Disclosure of System Notes via Elasticsearch integration
Disclosure of Private Comments via Elasticsearch integration
Confirm existence of private repositories
Private group membership could be disclosed
Disclosure of Project Labels
Disclosure of Private Project Path and Labels
Uncontrolled Resource Consumption due to Nested GraphQL Queries
Improper access control on comments
Sentry Token Access Control
Authorisation check for Project Transfer option
XSS in Wiki Pages Using RDoc
Untrusted Input could be used for Internal Redirect
Access control for protected environments
Private Sub Group path Disclosure
Disclosure of Group Packages List
Private Repository Name Disclosure
Discovery 2019-10-30 Entry 2019-10-30 gitlab-ce
ge 12.4.0 lt 12.4.1
ge 12.3.0 lt 12.3.6
ge 0 lt 12.2.9
CVE-2019-18454
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18446
CVE-2019-18447
CVE-2019-18460
CVE-2019-18456
CVE-2019-18448
CVE-2019-18449
CVE-2019-18450
CVE-2019-18452
CVE-2019-18455
CVE-2019-18453
CVE-2019-18457
CVE-2019-18458
CVE-2019-18451
CVE-2019-18459
CVE-2019-18461
CVE-2019-18463
CVE-2019-18462
|
70b774a8-05bc-11e9-87ad-001b217b3468 | Gitlab -- Arbitrary File read in Gitlab project import
Gitlab reports:
Arbitrary File read in Gitlab project import
Discovery 2018-12-20 Entry 2018-12-22 gitlab-ce
ge 11.5.0 lt 11.5.5
ge 11.4.0 lt 11.4.12
ge 8.9.0 lt 11.3.14
https://about.gitlab.com/2018/12/20/critical-security-release-gitlab-11-dot-5-dot-5-released/
CVE-2018-20229
|
757e6ee8-ff91-11e8-a148-001b217b3468 | Gitlab -- Arbitrary File read in GitLab project import with Git LFS
Gitlab reports:
Arbitrary File read in GitLab project import with Git LFS
Discovery 2018-12-13 Entry 2018-12-14 gitlab-ce
ge 11.5.0 lt 11.5.4
ge 11.4.0 lt 11.4.11
ge 11.0.0 lt 11.4.0
https://about.gitlab.com/2018/12/13/critical-security-release-gitlab-11-dot-5-dot-4-released/
CVE-2018-20144
|
7ba5a3d0-4b18-11e9-adcb-001b217b3468 | Gitlab -- Vulnerability
Gitlab reports:
Public project in a private group makes the group page publicly accessible
Discovery 2019-03-14 Entry 2019-03-20 gitlab-ce
< 11.8.2
https://about.gitlab.com/2019/03/14/gitlab-11-8-2-released/
CVE-2019-9732
|
8657eedd-b423-11ec-9559-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Static passwords inadvertently set during OmniAuth-based registration
Stored XSS in notes
Stored XSS on Multi-word milestone reference
Denial of service caused by a specially crafted RDoc file
GitLab Pages access tokens can be reused on multiple domains
GitLab Pages uses default (disabled) server Timeouts and a weak TCP Keep-Alive timeout
Incorrect include in pipeline definition exposes masked CI variables in UI
Regular expression denial of service in release asset link
Latest Commit details from private projects leaked to guest users via Merge Requests
CI/CD analytics are available even when public pipelines are disabled
Absence of limit for the number of tags that can be added to a runner can cause performance issues
Client DoS through rendering crafted comments
Blind SSRF Through Repository Mirroring
Bypass of branch restriction in Asana integration
Readable approval rules by Guest user
Redact InvalidURIError error messages
Project import maps members' created_by_id users based on source user ID
Discovery 2022-03-31 Entry 2022-04-04 gitlab-ce
ge 14.9.0 lt 14.9.2
ge 14.8.0 lt 14.8.5
ge 0 lt 14.7.7
CVE-2022-1162
CVE-2022-1175
CVE-2022-1190
CVE-2022-1185
CVE-2022-1148
CVE-2022-1121
CVE-2022-1120
CVE-2022-1100
CVE-2022-1193
CVE-2022-1105
CVE-2022-1099
CVE-2022-1174
CVE-2022-1188
CVE-2022-0740
CVE-2022-1189
CVE-2022-1157
CVE-2022-1111
https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/
|
8a0cd618-22a0-11ed-b1e7-001b217b3468 | Gitlab -- Remote Code Execution
Gitlab reports:
Remote Command Execution via Github import
Discovery 2022-08-22 Entry 2022-08-23 gitlab-ce
ge 15.3.0 lt 15.3.1
ge 15.2.0 lt 15.2.3
ge 11.3.4 lt 15.1.5
CVE-2022-2884
https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
|
8a4aba2d-f33e-11e8-9416-001b217b3468 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
View Names of Private Groups
Persistent XSS in Environments
SSRF in Prometheus integration
Unauthorized Promotion of Milestones
Exposure of Confidential Issue Title
Persistent XSS in Markdown Fields via Mermaid Script
Persistent XSS in Markdown Fields via Unrecognized HTML Tags
Symlink Race Condition in Pages
Unauthorized Changes by Guest User in Issues
Unauthorized Comments on Locked Issues
Improper Enforcement of Token Scope
CRLF Injection in Project Mirroring
XSS in OAuth Authorization
SSRF in Webhooks
Send Email on Email Address Change
Workhorse Logs Contained Tokens
Unauthorized Publishing of Draft Comments
Guest Can Set Weight of a New Issue
Disclosure of Private Group's Members and Milestones
Persistent XSS in Operations
Reporter Can View Operations Page
Discovery 2018-11-28 Entry 2018-11-28 gitlab-ce
ge 11.5.0 lt 11.5.1
ge 11.4.0 lt 11.4.8
ge 0 lt 11.3.11
https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19494
CVE-2018-19493
CVE-2018-19495
CVE-2018-19496
CVE-2018-19577
CVE-2018-19573
CVE-2018-19570
CVE-2018-19572
CVE-2018-19576
CVE-2018-19575
CVE-2018-19569
CVE-2018-19585
CVE-2018-19574
CVE-2018-19571
CVE-2018-19580
CVE-2018-19583
CVE-2018-19582
CVE-2018-19581
CVE-2018-19584
CVE-2018-19579
CVE-2018-19578
|
8ba8278d-db06-11eb-ba49-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
DoS using Webhook connections
CSRF on GraphQL API allows executing mutations through GET requests
Private projects information disclosure
Denial of service of user profile page
Single sign-on users not getting blocked
Some users can push to Protected Branch with Deploy keys
A deactivated user can access data through GraphQL
Reflected XSS in release edit page
Clipboard DOM-based XSS
Stored XSS on Audit Log
Forks of public projects by project members could leak codebase
Improper text rendering
HTML Injection in full name field
Discovery 2021-07-01 Entry 2021-07-02 gitlab-ce
ge 14.0.0 lt 14.0.2
ge 13.12.0 lt 13.12.6
ge 8.0.0 lt 13.11.6
https://about.gitlab.com/releases/2021/07/01/security-release-gitlab-14-0-2-released/
|
8bf856ea-7df7-11eb-9aad-001b217b3468 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
JWT token leak via Workhorse
Stored XSS in wiki pages
Group Maintainers are able to use the Group CI/CD Variables API
Insecure storage of GitLab session keys
Discovery 2021-03-04 Entry 2021-03-05 gitlab-ce
ge 13.9.0 lt 13.9.2
ge 13.8.0 lt 13.8.5
< 13.7.8
https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
CVE-2021-22185
CVE-2021-22186
|
8fc615cc-8a66-11e8-8c75-d8cb8abf62dd | Gitlab -- Remote Code Execution Vulnerability in GitLab Projects Import
Gitlab reports:
Remote Code Execution Vulnerability in GitLab Projects Import
Discovery 2018-07-17 Entry 2018-07-18 gitlab-ce
gitlab
ge 11.0.0 lt 11.0.4
ge 10.8.0 lt 10.8.6
ge 8.9.0 lt 10.7.7
CVE-2018-14364
https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/
|
9a09eaa2-6448-11ea-abb7-001b217b3468 | Gitlab -- Vulnerability
Gitlab reports:
Email Confirmation not Required on Sign-up
Discovery 2020-03-11 Entry 2020-03-12 gitlab-ce
ge 12.8.0 lt 12.8.6
https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/
|
9d3428d4-f98c-11e8-a148-001b217b3468 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
Directory Traversal in Templates API
Discovery 2018-12-06 Entry 2018-12-06 gitlab-ce
ge 11.5.0 lt 11.5.3
ge 11.4.0 lt 11.4.10
ge 8.11.0 lt 11.3.12
https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released/
CVE-2018-19856
|
a003b74f-d7b3-11ea-9df1-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Arbitrary File Read when Moving an Issue
Memory Exhaustion via Excessive Logging of Invite Email Error
Denial of Service Through Project Import Feature
User Controlled Git Configuration Settings Resulting in SSRF
Stored XSS in Issue Reference Number Tooltip
Stored XSS in Issues List via Milestone Title
Improper Access Control After Group Transfer
Bypass Email Verification Required for OAuth Flow
Confusion When Using Hexadecimal Branch Names
Insufficient OAuth Revocation
Improper Access Control for Project Sharing
Stored XSS in Jobs Page
Improper Access Control of Applications Page
SSRF into Shared Runner
Update Kramdown Gem
Discovery 2020-08-05 Entry 2020-08-06 Modified 2020-08-25 gitlab-ce
< 13.3.0
https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-10977
CVE-2020-13280
CVE-2020-13281
CVE-2020-14001
|
a0602fa0-5c1c-11e9-abd6-001b217b3468 | Gitlab -- Group Runner Registration Token Exposure
Gitlab reports:
Group Runner Registration Token Exposure
Discovery 2019-04-10 Entry 2019-04-11 gitlab-ce
ge 11.9.0 lt 11.9.7
ge 11.8.0 lt 11.8.7
ge 10.4.0 lt 11.7.11
https://about.gitlab.com/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/
CVE-2019-11000
|
a2a2b34d-52b4-11eb-87cb-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Ability to steal a user's API access token through GitLab Pages
Prometheus denial of service via HTTP request with custom method
Unauthorized user is able to access private repository information under specific conditions
Regular expression denial of service in NuGet API
Regular expression denial of service in package uploads
Update curl dependency
CVE-2019-3881 mitigation
Discovery 2021-01-07 Entry 2021-01-09 gitlab-ce
ge 13.7.0 lt 13.7.2
ge 13.6.0 lt 13.6.4
ge 12.2 lt 13.5.6
https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/
CVE-2021-22166
CVE-2020-26414
CVE-2019-3881
|
a3495e61-047f-11eb-86ea-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Potential Denial Of Service Via Update Release Links API
Insecure Storage of Session Key In Redis
Improper Access Expiration Date Validation
Cross-Site Scripting in Multiple Pages
Unauthorized Users Can View Custom Project Template
Cross-Site Scripting in SVG Image Preview
Incomplete Handling in Account Deletion
Insufficient Rate Limiting at Re-Sending Confirmation Email
Improper Type Check in GraphQL
To-dos Are Not Redacted When Membership Changes
Guest users can modify confidentiality attribute
Command injection on runner host
Insecure Runner Configuration in Kubernetes Environments
Discovery 2020-10-01 Entry 2020-10-02 gitlab-ce
ge 13.4.0 lt 13.4.2
ge 13.3.0 lt 13.3.7
ge 7.12 lt 13.2.10
https://about.gitlab.com/releases/2020/10/01/security-release-13-4-2-release/
CVE-2020-13333
CVE-2020-13332
CVE-2020-13335
CVE-2020-13334
CVE-2020-13327
|
b17c86b9-e52e-11e9-86e9-001b217b3468 | Gitlab -- Multiple Vulnerabilities
SO-AND-SO reports:
XSS in Markdown Preview Using Mermaid
Bypass Email Verification using Salesforce Authentication
Account Takeover using SAML
Uncontrolled Resource Consumption in Markdown using Mermaid
Disclosure of Private Project Path and Labels
Disclosure of Assignees via Milestones
Disclosure of Project Path via Unsubscribe Link
Disclosure of Project Milestones via Groups
Disclosure of Private System Notes via GraphQL
GIT Command Injection via API
Bypass User Blocking via CI/CD token
IDOR Adding Groups to Protected Environments
Disclosure of Group Membership via Merge Request Approval Rules
Disclosure of Head Pipeline via Blocking Merge Request Feature
Grafana update
Discovery 2019-09-30 Entry 2019-10-02 gitlab-ce
ge 12.3.0 lt 12.3.2
ge 12.2.0 lt 12.2.6
ge 7.12.0 lt 12.1.12
https://about.gitlab.com/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-19039
|
b2789b2d-d521-11e9-86e9-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Project Template Functionality Could Be Used to Access Restricted Project Data
Security Enhancements in GitLab Pages
Discovery 2019-09-10 Entry 2019-09-12 gitlab-ce
ge 12.2.0 lt 12.2.5
ge 12.1.0 lt 12.1.9
ge 11.6.0 lt 12.0.9
https://about.gitlab.com/2019/09/10/critical-security-release-gitlab-12-dot-2-dot-5-released/
CVE-2019-16170
|
b299417a-5725-11ec-a587-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Group members with developer role can escalate their privilege to maintainer on projects that they import
When user registration is limited, external users that aren't developers shouldn't have access to the CI Lint API
Collision in access memoization leads to potential elevated privileges on groups and projects
Project access token names are returned for unauthenticated requesters
Sensitive info disclosure in logs
Disclosure of a user's custom project and group templates
ReDoS in Maven package version
Potential denial of service via the Diff feature
Regular Expression Denial of Service via user comments
Service desk email accessible by any project member
Regular Expression Denial of Service via quick actions
IDOR in "external status check" API leaks data about any status check on the instance
Default branch name visible in public projects restricting access to the source code repository
Deploy token allows access to disabled project Wiki
Regular Expression Denial of Service via deploy Slash commands
Users can reply to Vulnerability Report discussions despite Only Project Members settings
Unauthorised deletion of protected branches
Author can approve Merge Request after having access revoked
HTML Injection via Swagger UI
Discovery 2021-12-06 Entry 2021-12-07 gitlab-ce
ge 14.5.0 lt 14.5.2
ge 14.4.0 lt 14.4.4
ge 0 lt 14.3.6
CVE-2021-39944
CVE-2021-39935
CVE-2021-39937
CVE-2021-39915
CVE-2021-39919
CVE-2021-39930
CVE-2021-39940
CVE-2021-39932
CVE-2021-39933
CVE-2021-39934
CVE-2021-39917
CVE-2021-39916
CVE-2021-39941
CVE-2021-39936
CVE-2021-39938
CVE-2021-39918
CVE-2021-39931
CVE-2021-39945
CVE-2021-39910
https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/
|
b2f4ab91-0e6b-11e9-8700-001b217b3468 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
Source code disclosure merge request diff
Todos improper access control
URL rel attribute not set
Persistent XSS Autocompletion
SSRF repository mirroring
CI job token LFS error message disclosure
Secret CI variable exposure
Guest user CI job disclosure
Persistent XSS label reference
Persistent XSS wiki in IE browser
SSRF in project imports with LFS
Improper access control CI/CD settings
Missing authorization control merge requests
Improper access control branches and tags
Missing authentication for Prometheus alert endpoint
Discovery 2018-12-31 Entry 2019-01-02 gitlab-ce
ge 11.6.0 lt 11.6.1
ge 11.5.0 lt 11.5.6
ge 8.0.0 lt 11.4.13
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20493
CVE-2018-20492
CVE-2018-20489
CVE-2018-20490
CVE-2018-20497
CVE-2018-20495
CVE-2018-20488
CVE-2018-20494
CVE-2018-20496
CVE-2018-20491
CVE-2018-20499
CVE-2018-20500
CVE-2018-20501
CVE-2018-20498
CVE-2018-20507
|
b51d9e83-de08-11e8-9416-001b217b3468 | Gitlab -- SSRF in Kubernetes integration
SO-AND-SO reports:
SSRF in Kubernetes integration
Discovery 2018-11-01 Entry 2018-11-01 gitlab-ce
ge 11.4.0 lt 11.4.4
ge 11.3.0 lt 11.3.9
ge 11.0.0 lt 11.2.8
https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/
CVE-2018-18843
|
b68cc195-cae7-11e9-86e9-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Kubernetes Integration Server-Side Request Forgery
Server-Side Request Forgery in Jira Integration
Improved Protection Against Credential Stuffing Attacks
Markdown Clientside Resource Exhaustion
Pipeline Status Disclosure
Group Runner Authorization Issue
CI Metrics Disclosure
User IP Disclosed by Embedded Image and Media
Label Description HTML Injection
IDOR in Epic Notes API
Push Rule Bypass
Project Visibility Restriction Bypass
Merge Request Discussion Restriction Bypass
Disclosure of Merge Request IDs
Weak Authentication In Certain Account Actions
Disclosure of Commit Title and Comments
Stored XSS via Markdown
EXIF Geolocation Data Exposure
Multiple SSRF Regressions on Gitaly
Default Branch Name Exposure
Potential Denial of Service via CI Pipelines
Privilege Escalation via Logrotate
Discovery 2019-08-29 Entry 2019-08-30 gitlab-ce
ge 12.2.0 lt 12.2.3
ge 12.1.0 lt 12.1.8
ge 0.0.0 lt 12.0.8
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15728
CVE-2019-15730
CVE-2019-15722
CVE-2019-15729
CVE-2019-15721
CVE-2019-15727
CVE-2019-15726
CVE-2019-15724
CVE-2019-15725
CVE-2019-15723
CVE-2019-15732
CVE-2019-15731
CVE-2019-15738
CVE-2019-15737
CVE-2019-15734
CVE-2019-15739
CVE-2019-15740
CVE-2019-15733
CVE-2019-15736
CVE-2019-15741
|
b9591212-dba7-11e8-9416-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
RCE in Gitlab Wiki API
SSRF in Hipchat integration
Cleartext storage of personal access tokens
Information exposure through stack trace error message
Persistent XSS autocomplete
Information exposure in stored browser history
Information exposure when replying to issues through email
Persistent XSS in License Management and Security Reports
Metrics information disclosure in Prometheus integration
Unauthorized changes to a protected branch's access levels
Discovery 2018-10-29 Entry 2018-10-29 gitlab-ce
ge 11.4.0 lt 11.4.3
ge 11.3.0 lt 11.3.8
ge 5.3.0 lt 11.2.7
https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
CVE-2018-18649
CVE-2018-18646
CVE-2018-18641
CVE-2018-18648
CVE-2018-18643
CVE-2018-18640
CVE-2018-18645
CVE-2018-18642
CVE-2018-18644
CVE-2018-18647
|
c5bd9068-440f-11ea-9cdb-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Path Traversal to Arbitrary File Read
User Permissions Not Validated in ProjectExportWorker
XSS Vulnerability in File API
Package and File Disclosure through GitLab Workhorse
XSS Vulnerability in Create Groups
Issue and Merge Request Activity Counts Exposed
Email Confirmation Bypass Using AP
Disclosure of Forked Private Project Source Code
Private Project Names Exposed in GraphQL queries
Disclosure of Issues and Merge Requests via Todos
Denial of Service via AsciiDoc
Last Pipeline Status Exposed
Arbitrary Change of Pipeline Status
Grafana Token Displayed in Plaintext
Update excon gem
Update rdoc gem
Update rack-cors gem
Update rubyzip gem
Discovery 2020-01-30 Entry 2020-01-31 gitlab-ce
ge 12.7.0 lt 12.7.4
ge 12.6.0 lt 12.6.6
ge 5.3 lt 12.5.9
CVE-2020-7971
CVE-2020-7967
https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7966
CVE-2020-8114
CVE-2020-7973
CVE-2020-6833
CVE-2020-7972
CVE-2020-7968
CVE-2020-7979
CVE-2020-7969
CVE-2020-7978
CVE-2020-7974
CVE-2020-7977
CVE-2020-7976
CVE-2019-16779
CVE-2019-18978
CVE-2019-16892
|
d1b35142-ff4a-11ec-8be3-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Remote Command Execution via Project Imports
XSS in ZenTao integration affecting self hosted instances without strict CSP
XSS in project settings page
Unallowed users can read unprotected CI variables
IP allow-list bypass to access Container Registries
2FA status is disclosed to unauthenticated users
CI variables provided to runners outside of a group's restricted IP range
IDOR in sentry issues
Reporters can manage issues in error tracking
Regular Expression Denial of Service via malicious web server responses
Unauthorized read for conan repository
Open redirect vulnerability
Group labels are editable through subproject
Release titles visible for any users if group milestones are associated with any project releases
Restrict membership by email domain bypass
Job information is leaked to users who previously were maintainers via the Runner Jobs API endpoint
Discovery 2022-06-30 Entry 2022-07-09 gitlab-ce
ge 15.1.0 lt 15.1.1
ge 15.0.0 lt 15.0.4
ge 0 lt 14.10.5
CVE-2022-2185
CVE-2022-2235
CVE-2022-2230
CVE-2022-2229
CVE-2022-1983
CVE-2022-1963
CVE-2022-2228
CVE-2022-2243
CVE-2022-2244
CVE-2022-1954
CVE-2022-2270
CVE-2022-2250
CVE-2022-1999
CVE-2022-2281
CVE-2022-1981
CVE-2022-2227
https://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
|
d889d32c-ecd9-11e8-9416-001b217b3468 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
Persistent XSS Autocompletion
Unauthorized service template creation
Discovery 2018-11-19 Entry 2018-11-20 gitlab-ce
ge 11.4.0 lt 11.4.6
ge 8.9.0 lt 11.3.10
https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released/
CVE-2018-18643
CVE-2018-19359
|
da459dbc-5586-11e9-abd6-001b217b3468 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
DoS potential for regex in CI/CD refs
Related branches visible in issues for guests
Persistent XSS at merge request resolve conflicts
Improper authorization control "move issue"
Guest users of private projects have access to releases
DoS potential on project languages page
Recurity assessment: information exposure through timing discrepancy
Recurity assessment: loginState HMAC issues
Recurity assessment: open redirect
PDF.js vulnerable to CVE-2018-5158
IDOR labels of private projects/groups
EXIF geolocation data not stripped from uploaded images
Discovery 2019-04-01 Entry 2019-04-02 gitlab-ce
ge 11.9.0 lt 11.9.4
ge 11.8.0 lt 11.8.6
ge 0 lt 11.7.10
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10640
CVE-2019-10116
CVE-2019-10111
CVE-2019-10110
CVE-2019-10115
CVE-2019-10113
CVE-2019-10114
CVE-2019-10112
CVE-2019-10117
CVE-2018-5158
CVE-2019-10108
CVE-2019-10109
|
ddd48087-bd86-11e9-b13f-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Insecure Authentication Methods Disabled for Grafana By Default
Multiple Command-Line Flag Injection Vulnerabilities
Insecure Cookie Handling on GitLab Pages
Discovery 2019-08-12 Entry 2019-08-13 gitlab-ce
ge 12.1.0 lt 12.1.6
ge 12.0.0 lt 12.0.6
ge 10.0.0 lt 11.11.8
https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
CVE-2019-14943
CVE-2019-14944
CVE-2019-14942
|
e0382fde-4bb0-11e9-adcb-001b217b3468 | Gitlab -- Vulnerability
Gitlab reports:
Project Runner Token Exposed Through Issues Quick Actions
Discovery 2019-03-20 Entry 2019-03-21 gitlab-ce
ge 11.8.0 lt 11.8.3
ge 0 lt 11.7.7
https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/
CVE-2019-9866
|
e6b994e2-2891-11ed-9be7-454b1dd82c64 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Remote Command Execution via GitHub import
Stored XSS via labels color
Content injection via Incidents Timeline description
Lack of length validation in Snippets leads to Denial of Service
Group IP allow-list not fully respected by the Package Registry
Abusing Gitaly.GetTreeEntries calls leads to denial of service
Arbitrary HTTP Requests Possible in .ipynb Notebook with Malicious Form Tags
Regular Expression Denial of Service via special crafted input
Information Disclosure via Arbitrary GFM references rendered in Incident Timeline Events
Regex backtracking through the Commit message field
Read repository content via LivePreview feature
Denial of Service via the Create branch API
Denial of Service via Issue preview
IDOR in Zentao integration leaked issue details
Brute force attack may guess a password even when 2FA is enabled
Discovery 2022-08-30 Entry 2022-08-30 gitlab-ce
ge 15.3.0 lt 15.3.2
ge 15.2.0 lt 15.2.4
ge 10.0.0 lt 15.1.6
CVE-2022-2992
CVE-2022-2865
CVE-2022-2527
CVE-2022-2592
CVE-2022-2533
CVE-2022-2455
CVE-2022-2428
CVE-2022-2908
CVE-2022-2630
CVE-2022-2931
CVE-2022-2907
CVE-2022-3031
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
|
e8483115-8b8e-11ea-bdcf-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Path Traversal in NuGet Package Registry
Workhorse Bypass Leads to File Disclosure
OAuth Application Client Secrets Revealed
Code Owners Approval Rules Are Not Updated for Existing Merge Requests When Source Branch Changes
Code Owners Protection Not Enforced from Web UI
Repository Mirror Passwords Exposed To Maintainers
Admin Audit Log Page Denial of Service
Private Project ID Revealed Through Group API
Elasticsearch Credentials Logged to ELK
GitHub Personal Access Token Exposed on Integrations Page
Update Nokogiri dependency
Update OpenSSL Dependency
Update git
Discovery 2020-04-30 Entry 2020-05-01 gitlab-ce
ge 12.10.0 lt 12.10.2
ge 12.9.0 lt 12.9.5
ge 8.4.0 lt 12.8.10
https://about.gitlab.com/releases/2020/04/30/security-release-12-10-2-released/
CVE-2020-12448
CVE-2020-10187
CVE-2020-7595
CVE-2020-1967
CVE-2020-11008
|
f414d69f-e43d-11ec-9ea4-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Account take over via SCIM email change
Stored XSS in Jira integration
Quick action commands susceptible to XSS
IP allowlist bypass when using Trigger tokens
IP allowlist bypass when using Project Deploy Tokens
Improper authorization in the Interactive Web Terminal
Subgroup member can list members of parent group
Group member lock bypass
Discovery 2022-06-01 Entry 2022-06-04 gitlab-ce
ge 15.0.0 lt 15.0.1
ge 14.10.0 lt 14.10.4
ge 11.10.0 lt 14.9.5
CVE-2022-1680
CVE-2022-1940
CVE-2022-1948
CVE-2022-1935
CVE-2022-1936
CVE-2022-1944
CVE-2022-1821
CVE-2022-1783
https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
|
f7a97d43-c039-11ea-a051-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Workhorse bypass allows files in /tmp to be read via Maven Repository APIs
Discovery 2020-07-06 Entry 2020-07-07 gitlab-ce
ge 13.1.0 lt 13.1.3
ge 13.0.0 lt 13.0.9
ge 0 lt 12.10.14
https://about.gitlab.com/releases/2020/07/06/critical-security-release-gitlab-13-1-3-released/
CVE-2020-15525
|
f929b172-369e-11ea-9cdb-001b217b3468 | Gitlab -- Private objects exposed through project import
Gitlab reports:
Private objects exposed through project import
Discovery 2020-01-13 Entry 2020-01-14 gitlab-ce
ge 12.6.0 lt 12.6.4
ge 12.5.0 lt 12.5.7
ge 8.9.0 lt 12.4.8
https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/
CVE-2020-6832
|
fb6e53ae-9df6-11eb-ba8c-001b217b3468 | Gitlab -- Vulnerabilities
SO-AND-SO reports:
Remote code execution when uploading specially crafted image files
Update Rexml
Discovery 2021-04-14 Entry 2021-04-15 gitlab-ce
ge 13.10.0 lt 13.10.3
ge 13.9.0 lt 13.9.6
ge 7.12 lt 13.8.8
https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/
CVE-2021-28965
|
ff50192c-19eb-11e9-8573-001b217b3468 | Gitlab -- Arbitrary repo read in Gitlab project import
Gitlab reports:
Arbitrary repo read in Gitlab project import
Discovery 2019-01-16 Entry 2019-01-17 gitlab-ce
ge 11.6.0 lt 11.6.4
ge 11.5.0 lt 11.5.7
ge 8.9.0 lt 11.4.14
https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/
CVE-2019-6240
|
ffeb25d0-ac94-11e8-ab15-d8cb8abf62dd | Gitlab -- multiple vulnerabilities
Gitlab reports:
Persistent XSS in Pipeline Tooltip
GitLab.com GCP Endpoints Exposure
Persistent XSS in Merge Request Changes View
Sensitive Data Disclosure in Sidekiq Logs
Missing CSRF in System Hooks
Orphaned Upload Files Exposure
Missing Authorization Control API Repository Storage
Discovery 2018-08-28 Entry 2018-08-30 gitlab-ce
ge 11.2.0 lt 11.2.3
ge 11.1.0 lt 11.1.6
ge 2.7.0 lt 11.0.6
https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
|