GitLab 15.2 Community Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:community:*:*:*
part: a version: 15.2 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | community |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.305571 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-2539 |
vulnerable | 2026-06-03 14:47:06.616771 |
Details available
MEDIUM (5.3)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization.
Published: 2022-08-05T15:09:58.000Z
Updated: 2024-08-03T00:39:08.068Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-2534 |
vulnerable | 2026-06-03 14:47:06.604344 |
Details available
LOW (2.2)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration.
Published: 2022-08-05T15:11:53.000Z
Updated: 2024-08-03T00:39:08.000Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-2512 |
vulnerable | 2026-06-03 14:47:06.552349 |
Details available
MEDIUM (6.5)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs.
Published: 2022-08-05T15:09:47.000Z
Updated: 2024-08-03T00:39:07.942Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-2500 |
vulnerable | 2026-06-03 14:47:06.526697 |
Details available
MEDIUM (4.4)
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side.
Published: 2022-08-05T15:12:34.000Z
Updated: 2024-08-03T00:39:07.807Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-2497 |
vulnerable | 2026-06-03 14:47:06.525532 |
Details available
HIGH (8.5)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.
Published: 2022-08-05T15:09:19.000Z
Updated: 2024-08-03T00:39:07.794Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-2459 |
vulnerable | 2026-06-03 14:47:06.420406 |
Details available
LOW (2.7)
An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled.
Published: 2022-08-05T15:12:45.000Z
Updated: 2024-08-03T00:39:07.815Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-2456 |
vulnerable | 2026-06-03 14:47:06.413761 |
Details available
MEDIUM (4.9)
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request.
Published: 2022-08-05T15:10:42.000Z
Updated: 2024-08-03T00:39:07.782Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-2417 |
vulnerable | 2026-06-03 14:47:06.312423 |
Details available
MEDIUM (6.2)
Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project.
Published: 2022-08-05T15:10:27.000Z
Updated: 2024-08-03T00:39:06.949Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-2307 |
vulnerable | 2026-06-03 14:47:06.017751 |
Details available
LOW (3.5)
A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited.
Published: 2022-08-05T15:11:12.000Z
Updated: 2024-08-03T00:32:09.596Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-2303 |
vulnerable | 2026-06-03 14:47:06.007640 |
Details available
MEDIUM (4.3)
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA.
Published: 2022-08-05T15:11:39.000Z
Updated: 2024-08-03T00:32:09.595Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-2095 |
vulnerable | 2026-06-03 14:47:00.247995 |
Details available
MEDIUM (4.3)
An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key.
Published: 2022-08-05T15:12:59.000Z
Updated: 2024-08-03T00:24:44.172Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.