GitLab 15.6.0 Community Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:15.6.0:*:*:*:community:*:*:*
part: a version: 15.6.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | community |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.305617 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-4255 |
vulnerable | 2026-06-03 14:48:35.341826 |
Details available
MEDIUM (4.3)
An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload.
Published: 2023-01-27T00:00:00.000Z
Updated: 2025-03-27T20:17:04.693Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4205 |
vulnerable | 2026-06-03 14:48:35.258566 |
Details available
MEDIUM (6.3)
In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.
Published: 2023-01-27T00:00:00.000Z
Updated: 2025-03-27T20:21:18.593Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4201 |
vulnerable | 2026-06-03 14:48:35.254436 |
Details available
LOW (3.5)
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner.
Published: 2023-01-27T00:00:00.000Z
Updated: 2025-03-27T20:20:58.630Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4092 |
vulnerable | 2026-06-03 14:48:35.048223 |
Details available
MEDIUM (5.7)
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.
Published: 2023-01-24T00:00:00.000Z
Updated: 2025-04-01T17:36:33.623Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4054 |
vulnerable | 2026-06-03 14:48:35.009665 |
Details available
MEDIUM (5.5)
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers.
Published: 2023-01-24T00:00:00.000Z
Updated: 2025-04-02T15:15:52.961Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3902 |
vulnerable | 2026-06-03 14:47:59.504058 |
Details available
MEDIUM (5.5)
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks.
Published: 2023-01-24T00:00:00.000Z
Updated: 2025-04-02T15:00:25.550Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3820 |
vulnerable | 2026-06-03 14:47:59.336149 |
Details available
MEDIUM (6.5)
An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.
Published: 2023-01-24T00:00:00.000Z
Updated: 2025-04-02T15:02:18.005Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3740 |
vulnerable | 2026-06-03 14:47:58.993388 |
Details available
MEDIUM (6.5)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys .
Published: 2023-01-24T00:00:00.000Z
Updated: 2025-04-02T15:03:23.934Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3572 |
vulnerable | 2026-06-03 14:47:58.721481 |
Details available
CRITICAL (9.3)
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims.
Published: 2023-01-24T00:00:00.000Z
Updated: 2025-04-02T15:03:52.887Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3482 |
vulnerable | 2026-06-03 14:47:58.579234 |
Details available
MEDIUM (5.3)
An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only
Published: 2023-01-24T00:00:00.000Z
Updated: 2025-04-02T15:04:21.592Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3478 |
vulnerable | 2026-06-03 14:47:58.500609 |
Details available
MEDIUM (4.3)
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.
Published: 2023-01-24T00:00:00.000Z
Updated: 2025-04-02T15:05:04.648Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.