GitLab 15.0.0 Enterprise Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:15.0.0:*:*:*:enterprise:*:*:*
part: a version: 15.0.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | enterprise |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.289635 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-1948 |
vulnerable | 2026-06-03 14:45:59.956726 |
Details available
HIGH (8.7)
An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details.
Published: 2022-07-28T14:46:01.000Z
Updated: 2024-08-03T00:24:42.604Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1944 |
vulnerable | 2026-06-03 14:45:59.948822 |
Details available
MEDIUM (5.4)
When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs
Published: 2022-06-06T16:58:35.000Z
Updated: 2024-08-03T00:24:42.991Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1940 |
vulnerable | 2026-06-03 14:45:59.943011 |
Details available
HIGH (7.7)
A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues
Published: 2022-06-06T16:52:22.000Z
Updated: 2024-08-03T00:24:42.587Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1936 |
vulnerable | 2026-06-03 14:45:59.936436 |
Details available
MEDIUM (6.5)
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured
Published: 2022-06-06T16:54:22.000Z
Updated: 2024-08-03T00:24:42.557Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1935 |
vulnerable | 2026-06-03 14:45:59.936054 |
Details available
MEDIUM (6.5)
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured
Published: 2022-06-06T16:50:27.000Z
Updated: 2024-08-03T00:24:42.627Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1821 |
vulnerable | 2026-06-03 14:45:59.683218 |
Details available
MEDIUM (4.3)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group.
Published: 2022-06-06T16:56:35.000Z
Updated: 2024-08-03T00:17:00.595Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1783 |
vulnerable | 2026-06-03 14:45:59.605909 |
Details available
LOW (2.7)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group.
Published: 2022-06-06T17:00:32.000Z
Updated: 2024-08-03T00:16:59.907Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1680 |
vulnerable | 2026-06-03 14:45:59.386868 |
Details available
CRITICAL (9.9)
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users' email addresses via SCIM to an attacker controlled email address and thus - in the absence of 2FA - take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account.
Published: 2022-06-06T17:05:16.000Z
Updated: 2024-08-03T00:10:03.843Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.