Vulnerabilities > Gitlab
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-17 | CVE-2022-3060 | Path Traversal vulnerability in Gitlab Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests | 7.3 |
| 2022-10-17 | CVE-2022-3066 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. | 5.4 |
| 2022-10-17 | CVE-2022-3067 | Unspecified vulnerability in Gitlab An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. | 6.5 |
| 2022-10-17 | CVE-2022-3279 | Improper Handling of Exceptional Conditions vulnerability in Gitlab An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs | 6.5 |
| 2022-10-17 | CVE-2022-3283 | Resource Exhaustion vulnerability in Gitlab A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used to trigger high CPU usage. | 7.5 |
| 2022-10-17 | CVE-2022-3286 | Unspecified vulnerability in Gitlab Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token | 5.3 |
| 2022-10-17 | CVE-2022-3288 | Unspecified vulnerability in Gitlab A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected. | 4.3 |
| 2022-10-17 | CVE-2022-3291 | Deserialization of Untrusted Data vulnerability in Gitlab Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache | 6.5 |
| 2022-10-17 | CVE-2022-3293 | Information Exposure Through Log Files vulnerability in Gitlab Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 | 4.3 |
| 2022-10-17 | CVE-2022-3325 | Unspecified vulnerability in Gitlab Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. | 4.3 |