Vulnerabilities > Gitlab > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-09 CVE-2022-3285 Unspecified vulnerability in Gitlab
Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab
network
low complexity
gitlab
7.5
2022-10-21 CVE-2022-3639 Resource Exhaustion vulnerability in Gitlab
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.
network
low complexity
gitlab CWE-400
7.5
2022-10-17 CVE-2022-2428 Cross-site Scripting vulnerability in Gitlab
A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests
network
low complexity
gitlab CWE-79
7.3
2022-10-17 CVE-2022-2527 Cross-site Scripting vulnerability in Gitlab
An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacker to inject arbitrary content.
network
low complexity
gitlab CWE-79
8.0
2022-10-17 CVE-2022-2533 Improper Authentication vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.
network
high complexity
gitlab CWE-287
7.4
2022-10-17 CVE-2022-2931 Resource Exhaustion vulnerability in Gitlab
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.
network
low complexity
gitlab CWE-400
7.5
2022-10-17 CVE-2022-3031 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.
network
low complexity
gitlab
7.5
2022-10-17 CVE-2022-3060 Path Traversal vulnerability in Gitlab
Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests
network
low complexity
gitlab CWE-22
7.3
2022-10-17 CVE-2022-3283 Resource Exhaustion vulnerability in Gitlab
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used to trigger high CPU usage.
network
low complexity
gitlab CWE-400
7.5
2022-07-01 CVE-2022-2229 Unspecified vulnerability in Gitlab
An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.
network
low complexity
gitlab
7.5