VuXML ID | Description |
8a0cd618-22a0-11ed-b1e7-001b217b3468 | Gitlab -- Remote Code Execution
Gitlab reports:
Remote Command Execution via GitHub import
Discovery: 2022-08-22; Entry: 2022-08-23
Affected package: gitlab-ce, versions >= 15.3.0 < 15.3.1, >= 15.2.0 < 15.2.3, >= 11.3.4 < 15.1.5
CVE: CVE-2022-2884
Reference: https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
|
ee890be3-a1ec-11ed-a81d-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Denial of Service via arbitrarily large Issue descriptions
CSRF via file upload allows an attacker to take over a repository
Sidekiq background job DoS by uploading malicious CI job artifact zips
Sidekiq background job DoS by uploading a malicious Helm package
Discovery: 2023-01-31; Entry: 2023-02-01
Affected package: gitlab-ce, versions >= 15.8.0 < 15.8.1, >= 15.7.0 < 15.7.6, >= 12.4.0 < 15.6.7
CVE: CVE-2022-3411, CVE-2022-4138, CVE-2022-3759, CVE-2023-0518
Reference: https://about.gitlab.com/releases/2023/01/31/security-release-gitlab-15-8-1-released/
|
4c26f668-0fd2-11ed-a83d-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Revoke access to confidential notes todos
Pipeline subscriptions trigger new pipelines with the wrong author
Ability to gain access to private project through an email invite by using other user's email address as an unverified secondary email
Import via git protocol allows bypassing checks on repository
Unauthenticated IP allowlist bypass when accessing job artifacts through GitLab Pages
Maintainer can leak Packagist and other integration access tokens by changing integration URL
Unauthenticated access to victim's Grafana datasources through path traversal
Unauthorized users can filter issues by contact and organization
Malicious Maintainer may change the visibility of project or a group
Stored XSS in job error messages
Enforced group MFA can be bypassed when using Resource Owner Password Credentials grant
Non project members can view public project's Deploy Keys
IDOR in project with Jira integration leaks project owner's other projects Jira issues
Group Bot Users and Tokens not deleted after group deletion
Email invited members can join projects even after the member lock has been enabled
Datadog integration returns user emails
Discovery: 2022-07-28; Entry: 2022-07-30
Affected package: gitlab-ce, versions >= 15.2.0 < 15.2.1, >= 15.1.0 < 15.1.4, >= 0 < 15.0.5
CVE: CVE-2022-2512, CVE-2022-2498, CVE-2022-2326, CVE-2022-2417, CVE-2022-2501, CVE-2022-2497, CVE-2022-2531, CVE-2022-2539, CVE-2022-2456, CVE-2022-2500, CVE-2022-2303, CVE-2022-2095, CVE-2022-2499, CVE-2022-2307, CVE-2022-2459, CVE-2022-2534
Reference: https://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/
|
d1b35142-ff4a-11ec-8be3-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Remote Command Execution via Project Imports
XSS in ZenTao integration affecting self hosted instances without strict CSP
XSS in project settings page
Unallowed users can read unprotected CI variables
IP allow-list bypass to access Container Registries
2FA status is disclosed to unauthenticated users
CI variables provided to runners outside of a group's restricted IP range
IDOR in sentry issues
Reporters can manage issues in error tracking
Regular Expression Denial of Service via malicious web server responses
Unauthorized read for conan repository
Open redirect vulnerability
Group labels are editable through subproject
Release titles visible for any users if group milestones are associated with any project releases
Restrict membership by email domain bypass
Job information is leaked to users who previously were maintainers via the Runner Jobs API endpoint
Discovery: 2022-06-30; Entry: 2022-07-09
Affected package: gitlab-ce, versions >= 15.1.0 < 15.1.1, >= 15.0.0 < 15.0.4, >= 0 < 14.10.5
CVE: CVE-2022-2185, CVE-2022-2235, CVE-2022-2230, CVE-2022-2229, CVE-2022-1983, CVE-2022-1963, CVE-2022-2228, CVE-2022-2243, CVE-2022-2244, CVE-2022-1954, CVE-2022-2270, CVE-2022-2250, CVE-2022-1999, CVE-2022-2281, CVE-2022-1981, CVE-2022-2227
Reference: https://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/
|
e6b994e2-2891-11ed-9be7-454b1dd82c64 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Remote Command Execution via GitHub import
Stored XSS via labels color
Content injection via Incidents Timeline description
Lack of length validation in Snippets leads to Denial of Service
Group IP allow-list not fully respected by the Package Registry
Abusing Gitaly.GetTreeEntries calls leads to denial of service
Arbitrary HTTP Requests Possible in .ipynb Notebook with Malicious Form Tags
Regular Expression Denial of Service via special crafted input
Information Disclosure via Arbitrary GFM references rendered in Incident Timeline Events
Regex backtracking through the Commit message field
Read repository content via LivePreview feature
Denial of Service via the Create branch API
Denial of Service via Issue preview
IDOR in Zentao integration leaked issue details
Brute force attack may guess a password even when 2FA is enabled
Discovery: 2022-08-30; Entry: 2022-08-30
Affected package: gitlab-ce, versions >= 15.3.0 < 15.3.2, >= 15.2.0 < 15.2.4, >= 10.0.0 < 15.1.6
CVE: CVE-2022-2992, CVE-2022-2865, CVE-2022-2527, CVE-2022-2592, CVE-2022-2533, CVE-2022-2455, CVE-2022-2428, CVE-2022-2908, CVE-2022-2630, CVE-2022-2931, CVE-2022-2907, CVE-2022-3031
Reference: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
|
54006796-cf7b-11ed-a5d5-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Cross-site scripting in "Maximum page reached" page
Private project guests can read new changes using a fork
Mirror repository error reveals password in Settings UI
DOS and high resource consumption of Prometheus server through abuse of Prometheus integration proxy endpoint
Unauthenticated users can view Environment names from public projects limited to project members only
Copying information to the clipboard could lead to the execution of unexpected commands
Maintainer can leak masked webhook secrets by adding a new parameter to the webhook URL
Arbitrary HTML injection possible when :soft_email_confirmation feature flag is enabled in the latest release
Framing of arbitrary content (leading to open redirects) on any page allowing user controlled markdown
MR for security reports are available to everyone
API timeout when searching for group issues
Unauthorised user can add child epics linked to victim's epic in an unrelated group
GitLab search allows leaking internal notes
Ambiguous branch name exploitation in GitLab
Improper permissions checks for moving an issue
Private project branches names can be leaked through a fork
Discovery: 2023-03-30; Entry: 2023-03-31
Affected package: gitlab-ce, versions >= 15.10.0 < 15.10.1, >= 15.9.0 < 15.9.4, >= 8.1 < 15.8.5
CVE: CVE-2022-3513, CVE-2023-0485, CVE-2023-1098, CVE-2023-1733, CVE-2023-0319, CVE-2023-1708, CVE-2023-0838, CVE-2023-0523, CVE-2023-0155, CVE-2023-1167, CVE-2023-1417, CVE-2023-1710, CVE-2023-0450, CVE-2023-1071, CVE-2022-3375
Reference: https://about.gitlab.com/releases/2023/03/30/security-release-gitlab-15-10-1-released/
|
3507bfb3-85d5-11ec-8c9c-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Arbitrary POST requests via special HTML attributes in Jupyter Notebooks
DNS Rebinding vulnerability in Irker IRC Gateway integration
Missing certificate validation for external CI services
Blind SSRF Through Project Import
Open redirect vulnerability in Jira Integration
Issue link was disclosing the linked issue
Service desk email accessible by project non-members
Authenticated users can search other users by their private email
"External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request
Deleting packages in bulk from package registries may cause table locks
Autocomplete enabled on specific pages
Possible SSRF due to not blocking shared address space
System notes reveal private project path when Issue is moved to a public project
Timeout for pages using Markdown
Certain branch names could not be protected
Discovery: 2022-02-03; Entry: 2022-02-04
Affected package: gitlab-ce, versions >= 14.7.0 < 14.7.1, >= 14.6.0 < 14.6.4, >= 0 < 14.5.4
CVE: CVE-2022-0427, CVE-2022-0425, CVE-2022-0123, CVE-2022-0136, CVE-2022-0283, CVE-2022-0390, CVE-2022-0373, CVE-2022-0371, CVE-2021-39943, CVE-2022-0477, CVE-2022-0167, CVE-2022-0249, CVE-2022-0344, CVE-2022-0488, CVE-2021-39931
Reference: https://about.gitlab.com/releases/2022/02/03/security-release-gitlab-14-7-1-released/
|
3a023570-91ab-11ed-8950-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Race condition on gitlab.com enables verified email forgery and third-party account hijacking
DOS and high resource consumption of Prometheus server through abuse of Grafana integration proxy endpoint
Maintainer can leak sentry token by changing the configured URL
Maintainer can leak masked webhook secrets by changing target URL of the webhook
Cross-site scripting in wiki changes page affecting self-hosted instances running without strict CSP
Group access tokens continue to work after owner loses ability to revoke them
Users' avatar disclosure by user ID in private GitLab instances
Arbitrary Protocol Redirection in GitLab Pages
Regex DoS due to device-detector parsing user agents
Regex DoS in the Submodule Url Parser
Discovery: 2023-01-09; Entry: 2023-01-11
Affected package: gitlab-ce, versions >= 15.7.0 < 15.7.2, >= 15.6.0 < 15.6.4, >= 6.6.0 < 15.5.7
CVE: CVE-2022-4037, CVE-2022-3613, CVE-2022-4365, CVE-2022-4342, CVE-2022-3573, CVE-2022-4167, CVE-2022-3870, CVE-2023-0042, CVE-2022-4131, CVE-2022-3514
Reference: https://about.gitlab.com/releases/2023/01/09/security-release-gitlab-15-7-2-released/
|
f7c5b3a9-b9fb-11ed-99c6-001b217b3468 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
Stored XSS via Kroki diagram
Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings
Improper validation of SSO and SCIM tokens while managing groups
Maintainer can leak Datadog API key by changing Datadog site
Clipboard based XSS in the title field of work items
Improper user right checks for personal snippets
Release Description visible in public projects despite release set as project members only
Group integration settings sensitive information exposed to project maintainers
Improve pagination limits for commits
Gitlab Open Redirect Vulnerability
Maintainer may become an Owner of a project
Discovery: 2023-03-02; Entry: 2023-03-03
Affected package: gitlab-ce, versions >= 15.9.0 < 15.9.2, >= 15.8.0 < 15.8.4, >= 9.0.0 < 15.7.8
CVE: CVE-2023-0050, CVE-2022-4289, CVE-2022-4331, CVE-2023-0483, CVE-2022-4007, CVE-2022-3758, CVE-2023-0223, CVE-2022-4462, CVE-2023-1072, CVE-2022-3381, CVE-2023-1084
Reference: https://about.gitlab.com/releases/2023/03/02/security-release-gitlab-15-9-2-released/
|
2823048d-9f8f-11ec-8c9c-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Runner registration token disclosure through Quick Actions
Unprivileged users can add other users to groups through an API endpoint
Inaccurate display of Snippet contents can be potentially misleading to users
Environment variables can be leaked via the sendmail delivery method
Unauthenticated user enumeration on GraphQL API
Adding a mirror with SSH credentials can leak password
Denial of Service via user comments
Discovery: 2022-02-25; Entry: 2022-03-09
Affected package: gitlab-ce, versions >= 14.8.0 < 14.8.2, >= 14.7.0 < 14.7.4, >= 0 < 14.6.5
CVE: CVE-2022-0735, CVE-2022-0549, CVE-2022-0751, CVE-2022-0741, CVE-2021-4191, CVE-2022-0738, CVE-2022-0489
Reference: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
|
16f7ec68-5cce-11ed-9be7-454b1dd82c64 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
DAST analyzer sends custom request headers with every request
Stored-XSS with CSP-bypass via scoped labels' color
Maintainer can leak Datadog API key by changing integration URL
Uncontrolled resource consumption when parsing URLs
Issue HTTP requests when users view an OpenAPI document and click buttons
Command injection in CI jobs via branch name in CI pipelines
Open redirection
Prefill variables do not check permission of the project in external CI config
Disclosure of audit events to insufficiently permissioned group and project members
Arbitrary GFM references rendered in Jira issue description leak private/confidential resources
Award emojis API for an internal note is accessible to users without access to the note
Open redirect in pipeline artifacts when generating HTML documents
Retrying a job in a downstream pipeline allows the retrying user to take ownership of the retried jobs in upstream pipelines
Project-level Secure Files can be written out of the target directory
Discovery: 2022-11-02; Entry: 2022-11-05
Affected package: gitlab-ce, versions >= 15.5.0 < 15.5.2, >= 15.4.0 < 15.4.4, >= 9.3.0 < 15.3.5
CVE: CVE-2022-3767, CVE-2022-3265, CVE-2022-3483, CVE-2022-3818, CVE-2022-3726, CVE-2022-2251, CVE-2022-3486, CVE-2022-3793, CVE-2022-3413, CVE-2022-2761, CVE-2022-3819, CVE-2022-3280, CVE-2022-3706
Reference: https://about.gitlab.com/releases/2022/11/02/security-release-gitlab-15-5-2-released/
|
04422df1-40d8-11ed-9be7-454b1dd82c64 | Gitlab -- Multiple vulnerabilities
Gitlab reports:
Denial of Service via cloning an issue
Arbitrary PUT request as victim user through Sentry error list
Content injection via External Status Checks
Project maintainers can access Datadog API Key from logs
Unsafe serialization of JSON data could lead to sensitive data leakage
Import bug allows importing of private local git repos
Maintainer can leak GitHub access tokens by changing integration URL (even after 15.2.1 patch)
Unauthorized users able to create issues in any project
Bypass group IP restriction on Dependency Proxy
Healthcheck endpoint allow list can be bypassed when accessed over HTTP in an HTTPS enabled system
Disclosure of Todo details to guest users
A user's primary email may be disclosed through group member events webhooks
Content manipulation due to branch/tag name confusion with the default branch name
Leakage of email addresses in WebHook logs
Specially crafted output makes job logs inaccessible
Enforce editing approval rules on project level
Discovery: 2022-09-29; Entry: 2022-09-30
Affected package: gitlab-ce, versions >= 15.4.0 < 15.4.1, >= 15.3.0 < 15.3.4, >= 9.3.0 < 15.2.5
CVE: CVE-2022-3293, CVE-2022-3279, CVE-2022-3325, CVE-2022-3283, CVE-2022-3060, CVE-2022-2904, CVE-2022-3018, CVE-2022-3291, CVE-2022-3067, CVE-2022-2882, CVE-2022-3066, CVE-2022-3286, CVE-2022-3285, CVE-2022-3330, CVE-2022-3351, CVE-2022-3288
Reference: https://about.gitlab.com/releases/2022/09/29/security-release-gitlab-15-4-1-released/
|
f414d69f-e43d-11ec-9ea4-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Account take over via SCIM email change
Stored XSS in Jira integration
Quick action commands susceptible to XSS
IP allowlist bypass when using Trigger tokens
IP allowlist bypass when using Project Deploy Tokens
Improper authorization in the Interactive Web Terminal
Subgroup member can list members of parent group
Group member lock bypass
Discovery: 2022-06-01; Entry: 2022-06-04
Affected package: gitlab-ce, versions >= 15.0.0 < 15.0.1, >= 14.10.0 < 14.10.4, >= 11.10.0 < 14.9.5
CVE: CVE-2022-1680, CVE-2022-1940, CVE-2022-1948, CVE-2022-1935, CVE-2022-1936, CVE-2022-1944, CVE-2022-1821, CVE-2022-1783
Reference: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
|
8657eedd-b423-11ec-9559-001b217b3468 | Gitlab -- multiple vulnerabilities
Gitlab reports:
Static passwords inadvertently set during OmniAuth-based registration
Stored XSS in notes
Stored XSS on Multi-word milestone reference
Denial of service caused by a specially crafted RDoc file
GitLab Pages access tokens can be reused on multiple domains
GitLab Pages uses default (disabled) server Timeouts and a weak TCP Keep-Alive timeout
Incorrect include in pipeline definition exposes masked CI variables in UI
Regular expression denial of service in release asset link
Latest Commit details from private projects leaked to guest users via Merge Requests
CI/CD analytics are available even when public pipelines are disabled
Absence of limit for the number of tags that can be added to a runner can cause performance issues
Client DoS through rendering crafted comments
Blind SSRF Through Repository Mirroring
Bypass of branch restriction in Asana integration
Readable approval rules by Guest user
Redact InvalidURIError error messages
Project import maps members' created_by_id users based on source user ID
Discovery: 2022-03-31; Entry: 2022-04-04
Affected package: gitlab-ce, versions >= 14.9.0 < 14.9.2, >= 14.8.0 < 14.8.5, >= 0 < 14.7.7
CVE: CVE-2022-1162, CVE-2022-1175, CVE-2022-1190, CVE-2022-1185, CVE-2022-1148, CVE-2022-1121, CVE-2022-1120, CVE-2022-1100, CVE-2022-1193, CVE-2022-1105, CVE-2022-1099, CVE-2022-1174, CVE-2022-1188, CVE-2022-0740, CVE-2022-1189, CVE-2022-1157, CVE-2022-1111
Reference: https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/
|
3cde510a-7135-11ed-a28b-bff032704f00 | Gitlab -- Multiple Vulnerabilities
Gitlab reports:
DAST API scanner exposes Authorization headers in vulnerabilities
Group IP allow-list not fully respected by the Package Registry
Deploy keys and tokens may bypass External Authorization service if it is enabled
Repository import still allows importing 40 hexadecimal branches
Webhook secret tokens leaked in webhook logs
Maintainer can leak webhook secret token by changing the webhook URL
Cross-site scripting in Jira Integration affecting self-hosted instances without strict CSP
Release names visible in public projects despite release set as project members only
Sidekiq background job DoS by uploading malicious NuGet packages
SSRF in Web Terminal advertise_address
Discovery: 2022-11-30; Entry: 2022-12-01
Affected package: gitlab-ce, versions >= 15.6.0 < 15.6.1, >= 15.5.0 < 15.5.5, >= 9.3.0 < 15.4.6
CVE: CVE-2022-4206, CVE-2022-3820, CVE-2022-3740, CVE-2022-4205, CVE-2022-3902, CVE-2022-4054, CVE-2022-3572, CVE-2022-3482, CVE-2022-3478, CVE-2022-4201
Reference: https://about.gitlab.com/releases/2022/11/30/security-release-gitlab-15-6-1-released/
|