AVG-2696 log

Package gitlab
Status Fixed
Severity High
Type multiple issues
Affected 14.10-1
Fixed 14.10.2-1
Current 15.6.0-1 [community]
Ticket None
Created Mon May 9 08:57:49 2022
Advisory Pending
Issue Severity Remote Type Description
CVE-2022-1510 Medium Unknown Denial of service
GitLab all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1 was not...
CVE-2022-1460 Medium Unknown Access restriction bypass
GitLab all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1 was not...
CVE-2022-1433 Low Unknown Unknown
Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS vulnerability (CVE-2022-1175) to persist and execute in...
CVE-2022-1431 Medium Unknown Denial of service
GitLab all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1 was...
CVE-2022-1428 Medium Unknown Denial of service
GitLab all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1 was incorrectly verifying...
CVE-2022-1426 Low Unknown Authentication bypass
GitLab from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1 was not correctly...
CVE-2022-1423 High Unknown Arbitrary code execution
Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions from 1.0.2 before 14.8.6 allows a malicious actor with Developer...
CVE-2022-1417 Medium Unknown Authentication bypass
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 8.13 before 14.9.4, and all...
CVE-2022-1416 Medium Unknown Unknown
Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6 allows for rendering of...
CVE-2022-1413 Medium Unknown Information disclosure
Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6 causes potentially sensitive integration properties to be...
CVE-2022-1406 Medium Unknown Insufficient validation
Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a...
CVE-2022-1352 Medium Unknown Information disclosure
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10...
CVE-2022-1124 Medium Unknown Information disclosure
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and...
References
https://about.gitlab.com/releases/2022/05/02/security-release-gitlab-14-10-1-released/