FreeBSD: VID-e6b994e2-2891-11ed-9be7-454b1dd82c64 (CVE-2022-2527): Gitlab -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:S/C:C/I:C/A:N) | Aug 30, 2022 | Nov 4, 2022 | Dec 10, 2025 |
Description
Gitlab reports:

- Remote Command Execution via GitHub import
- Stored XSS via labels color
- Content injection via Incidents Timeline description
- Lack of length validation in Snippets leads to Denial of Service
- Group IP allow-list not fully respected by the Package Registry
- Abusing Gitaly.GetTreeEntries calls leads to denial of service
- Arbitrary HTTP Requests Possible in .ipynb Notebook with Malicious Form Tags
- Regular Expression Denial of Service via special crafted input
- Information Disclosure via Arbitrary GFM references rendered in Incident Timeline Events
- Regex backtracking through the Commit message field
- Read repository content via LivePreview feature
- Denial of Service via the Create branch API
- Denial of Service via Issue preview
- IDOR in Zentao integration leaked issue details
- Brute force attack may guess a password even when 2FA is enabled
Solution
freebsd-upgrade-package-gitlab-ce