Vulnerabilities > Gitlab
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-05 | CVE-2022-2303 | Improper Authentication vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. | 4.3 |
| 2022-08-05 | CVE-2022-2307 | Incomplete Cleanup vulnerability in Gitlab A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited. | 3.8 |
| 2022-08-05 | CVE-2022-2326 | Incorrect Authorization vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. | 8.1 |
| 2022-08-05 | CVE-2022-2417 | Improper Input Validation vulnerability in Gitlab Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project. | 4.5 |
| 2022-08-05 | CVE-2022-2456 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. | 2.7 |
| 2022-08-05 | CVE-2022-2459 | Missing Authorization vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. | 2.7 |
| 2022-08-05 | CVE-2022-2497 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. | 6.4 |
| 2022-08-05 | CVE-2022-2498 | Improper Privilege Management vulnerability in Gitlab An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author. | 7.5 |
| 2022-08-05 | CVE-2022-2499 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. | 4.3 |
| 2022-08-05 | CVE-2022-2500 | Cross-site Scripting vulnerability in Gitlab A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. | 5.4 |