Show filters
14 Total Results
Displaying 11-14 of 14
Sort by:
Attacker Value
Unknown

CVE-2022-1352

Disclosure Date: May 11, 2022 (last updated February 23, 2025)
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members.
Attacker Value
Unknown

CVE-2022-1124

Disclosure Date: May 11, 2022 (last updated February 23, 2025)
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled
Attacker Value
Unknown

CVE-2022-1431

Disclosure Date: May 10, 2022 (last updated February 23, 2025)
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption.
Attacker Value
Unknown

CVE-2022-1417

Disclosure Date: May 10, 2022 (last updated February 23, 2025)
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs