Vulnerabilities > Gitlab > Gitlab > 14.7.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-04 | CVE-2022-1120 | Information Exposure Through an Error Message vulnerability in Gitlab Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration. | 4.0 |
| 2022-04-04 | CVE-2022-1121 | Allocation of Resources Without Limits or Throttling vulnerability in Gitlab A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption. | 5.0 |
| 2022-04-04 | CVE-2022-1148 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Gitlab Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the victim's other private websites | 6.5 |
| 2022-04-04 | CVE-2022-1162 | Use of Hard-coded Credentials vulnerability in Gitlab A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. | 7.5 |
| 2022-04-04 | CVE-2022-1174 | Improper Validation of Specified Quantity in Input vulnerability in Gitlab A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a special crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, etc. | 7.5 |
| 2022-04-04 | CVE-2022-1175 | Cross-site Scripting vulnerability in Gitlab Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes. | 4.3 |
| 2022-04-04 | CVE-2022-1185 | Out-of-bounds Write vulnerability in Gitlab A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file | 6.5 |
| 2022-04-04 | CVE-2022-1188 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible. | 5.0 |
| 2022-04-04 | CVE-2022-1189 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the the approval rules of a private project. | 4.0 |
| 2022-04-04 | CVE-2022-1190 | Cross-site Scripting vulnerability in Gitlab Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc. | 3.5 |