Vulnerabilities > Gitlab > Gitlab > 11.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-17 | CVE-2022-2592 | Improper Validation of Specified Quantity in Input vulnerability in Gitlab A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service. | 6.5 |
| 2022-10-17 | CVE-2022-2865 | Cross-site Scripting vulnerability in Gitlab A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. | 4.8 |
| 2022-10-17 | CVE-2022-2884 | OS Command Injection vulnerability in Gitlab A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint | 9.9 |
| 2022-10-17 | CVE-2022-2908 | Unspecified vulnerability in Gitlab A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field. | 4.3 |
| 2022-10-17 | CVE-2022-2931 | Resource Exhaustion vulnerability in Gitlab A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. | 7.5 |
| 2022-10-17 | CVE-2022-2992 | Injection vulnerability in Gitlab A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint. | 9.9 |
| 2022-10-17 | CVE-2022-3030 | Unspecified vulnerability in Gitlab An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users. | 4.3 |
| 2022-10-17 | CVE-2022-3031 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. | 7.5 |
| 2022-10-17 | CVE-2022-3060 | Path Traversal vulnerability in Gitlab Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests | 7.3 |
| 2022-10-17 | CVE-2022-3279 | Improper Handling of Exceptional Conditions vulnerability in Gitlab An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs | 6.5 |