Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  Security Vulnerabilities
CVE-2022-3279
An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs
CVSS Score
2.7
EPSS Score
0.001
Published
2022-10-17
CVE-2022-3283
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used to trigger high CPU usage.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-10-17
CVE-2022-3286
Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token
CVSS Score
5.3
EPSS Score
0.0
Published
2022-10-17
CVE-2022-3288
A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.
CVSS Score
3.5
EPSS Score
0.001
Published
2022-10-17
CVE-2022-3291
Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache
CVSS Score
6.5
EPSS Score
0.002
Published
2022-10-17
CVE-2022-3293
Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1
CVSS Score
3.5
EPSS Score
0.001
Published
2022-10-17
CVE-2022-3325
Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules via the API by an unauthorised user.
CVSS Score
2.7
EPSS Score
0.0
Published
2022-10-17
CVE-2022-3330
It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-10-17
CVE-2022-3331
An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Zentao project issues.
CVSS Score
3.5
EPSS Score
0.001
Published
2022-10-17
CVE-2022-3351
An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-10-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved