The host is installed with GitLab CE/EE 11.1 before 14.10.5, 15.0 before 15.0.4 or 15.1 before 15.1.1 and is prone to a URL redirection to untrusted site vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. Successful exploitation could allow an attacker to redirect users to an arbitrary location if they trust the URL.
The host is installed with GitLab CE/EE 8.13 before 14.10.5, 15.0 before 15.0.4 or 15.1 before 15.1.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. On successful exploitation, under certain conditions, using the REST API an unprivileged user was able to change labels description.
The host is installed with GitLab CE/EE 12.5 before 14.10.5, 15.0 before 15.0.4 or 15.1 before 15.1.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. Successful exploitation could allow disclosure of release titles if group milestones are associated with any project releases.
The host is installed with GitLab EE 12.2 before 14.10.5, 15.0 before 15.0.4 or 15.1 before 15.1.1 and is prone to an incorrect authorization vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. On successful exploitation, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be by ...
The host is installed with GitLab CE/EE before 14.10.5, 15.0 before 15.0.4 or 15.1 before 15.1.1 and is prone to an improper access control vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. Successful exploitation could allow a previous maintainer of a project with a specific runner to access job and project metadata under certain ...
The host is installed with GitLab CE/EE 15.2 before 15.2.5, 15.3 before 15.3.4 or 15.4 before 15.4.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle issues in the external status checks feature. Successful exploitation could lead to a stored XSS that allows attackers to perform arbitrary actions on behalf of victims at clie ...
The host is installed with GitLab CE/EE 15.2 before 15.2.5, 15.3 before 15.3.4 or 15.4 before 15.4.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle issues in the external status checks feature. Successful exploitation could lead to a stored XSS that allows attackers to perform arbitrary actions on behalf of victims at clie ...
The host is installed with GitLab CE/EE 10.0 before 12.9.8, 12.10 before 12.10.7 or 13.0 before 13.0.1 and is prone to an authorization vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. Successful exploitation allows an attacker to cause unspecified impact.
The host is installed with GitLab CE/EE 10.0 before 12.9.8, 12.10 before 12.10.7 or 13.0 before 13.0.1 and is prone to an authorization vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. Successful exploitation allows an attacker to cause unspecified impact.
The host is installed with GitLab CE/EE 12.6 before 15.2.5, 15.3 before 15.3.4 or 15.4 before 15.4.1 and is prone to an information exposure vulnerability. A flaw is present in the application, which fails to properly handle GitHub integration's access token. Successful exploitation allows a malicious maintainer to exfiltrate a GitHub integration's access token by modifying the integration URL s ...