Vulnerabilities > Gitlab > Gitlab > 15.2.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-10 | CVE-2022-3413 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. | 4.3 |
2022-11-10 | CVE-2022-3819 | Incorrect Authorization vulnerability in Gitlab An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to. | 4.3 |
2022-10-28 | CVE-2022-3018 | Information Exposure Through Log Files vulnerability in Gitlab An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. | 4.9 |
2022-10-17 | CVE-2022-2592 | Improper Validation of Specified Quantity in Input vulnerability in Gitlab A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service. | 6.5 |
2022-10-17 | CVE-2022-2908 | Unspecified vulnerability in Gitlab A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field. | 4.3 |
2022-10-17 | CVE-2022-2992 | Injection vulnerability in Gitlab A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint. | 9.9 |
2022-10-17 | CVE-2022-3325 | Unspecified vulnerability in Gitlab Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. | 4.3 |
2022-10-17 | CVE-2022-3330 | Unspecified vulnerability in Gitlab It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1. | 4.3 |
2022-10-17 | CVE-2022-3351 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. | 4.3 |