Vulnerabilities > Gitlab
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-04 | CVE-2022-1162 | Use of Hard-coded Credentials vulnerability in Gitlab A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. | 9.8 |
| 2022-04-04 | CVE-2022-1174 | Improper Validation of Specified Quantity in Input vulnerability in Gitlab A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a special crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, etc. | 7.5 |
| 2022-04-04 | CVE-2022-1175 | Cross-site Scripting vulnerability in Gitlab Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes. | 6.1 |
| 2022-04-04 | CVE-2022-1185 | Out-of-bounds Write vulnerability in Gitlab A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file | 6.5 |
| 2022-04-04 | CVE-2022-1188 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible. | 5.3 |
| 2022-04-04 | CVE-2022-1189 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the the approval rules of a private project. | 4.3 |
| 2022-04-04 | CVE-2022-1190 | Cross-site Scripting vulnerability in Gitlab Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc. | 5.4 |
| 2022-04-01 | CVE-2021-39908 | Code Injection vulnerability in Gitlab In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI. | 7.5 |
| 2022-04-01 | CVE-2022-0373 | Unspecified vulnerability in Gitlab Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address | 4.3 |
| 2022-04-01 | CVE-2022-0390 | Missing Authorization vulnerability in Gitlab Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. | 4.3 |