GCVE - cpe:2.3:a:gitlab:gitlab:15.0.0:*:*:*:community:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:15.0.0:*:*:*:community:*:*:*

part: a version: 15.0.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	community
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.289632

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-1948`	vulnerable	2026-06-03 14:45:59.956704	Details available HIGH (8.7) An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details. Published: 2022-07-28T14:46:01.000Z Updated: 2024-08-03T00:24:42.604Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/security/gitlab/-/issues/673 https://hackerone.com/reports/1578400 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1948.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-1944`	vulnerable	2026-06-03 14:45:59.948805	Details available MEDIUM (5.4) When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs Published: 2022-06-06T16:58:35.000Z Updated: 2024-08-03T00:24:42.991Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/349750 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1944.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-1821`	vulnerable	2026-06-03 14:45:59.683201	Details available MEDIUM (4.3) An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group. Published: 2022-06-06T16:56:35.000Z Updated: 2024-08-03T00:17:00.595Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/353730 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1821.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-1783`	vulnerable	2026-06-03 14:45:59.605861	Details available LOW (2.7) An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group. Published: 2022-06-06T17:00:32.000Z Updated: 2024-08-03T00:16:59.907Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/353121 https://hackerone.com/reports/1472109 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1783.json	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.