VulnerableCode Package Details - pkg:alpm/archlinux/gitlab@14.10.2-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1tja-ztb9-myhy	An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption.	CVE-2022-1431
VCID-221v-5q8x-5ygz	Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs	CVE-2022-1417
VCID-2gxb-vk9m-c3hd	An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not performing correct authorizations on scheduled pipelines allowing a malicious user to run a pipeline in the context of another user.	CVE-2022-1460
VCID-4xun-1v5s-uqbt	An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS vulnerability (CVE-2022-1175) to persist and execute.	CVE-2022-1433
VCID-62y5-e7f4-7kbz	Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface	CVE-2022-1413
VCID-a4kg-mmhm-jqhp	Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members.	CVE-2022-1352
VCID-bvmd-gmg3-eue2	An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had some certain amount of information which allowed an user to authenticate without a personal access token.	CVE-2022-1426
VCID-hawe-rs16-37bf	Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling	CVE-2022-1416
VCID-rc6v-b3x8-87bu	An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled	CVE-2022-1124
VCID-svws-7gd2-r3f5	An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package requests which resulted in limits not being enforced.	CVE-2022-1428
VCID-wt3g-99mt-uug6	Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project	CVE-2022-1406
VCID-wvtd-44nu-ckgb	Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches	CVE-2022-1423
VCID-ykza-d472-n7a4	An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption.	CVE-2022-1510

Vulnerability

Summary

Aliases

VCID-1tja-ztb9-myhy

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption.

CVE-2022-1431

VCID-221v-5q8x-5ygz

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs

CVE-2022-1417

VCID-2gxb-vk9m-c3hd

An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not performing correct authorizations on scheduled pipelines allowing a malicious user to run a pipeline in the context of another user.

CVE-2022-1460

VCID-4xun-1v5s-uqbt

An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS vulnerability (CVE-2022-1175) to persist and execute.

CVE-2022-1433

VCID-62y5-e7f4-7kbz

Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface

CVE-2022-1413

VCID-a4kg-mmhm-jqhp

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members.

CVE-2022-1352

VCID-bvmd-gmg3-eue2

An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had some certain amount of information which allowed an user to authenticate without a personal access token.

CVE-2022-1426

VCID-hawe-rs16-37bf

Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling

CVE-2022-1416

VCID-rc6v-b3x8-87bu

An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled

CVE-2022-1124

VCID-svws-7gd2-r3f5

An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package requests which resulted in limits not being enforced.

CVE-2022-1428

VCID-wt3g-99mt-uug6

Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project

CVE-2022-1406

VCID-wvtd-44nu-ckgb

Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches

CVE-2022-1423

VCID-ykza-d472-n7a4

An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption.

CVE-2022-1510

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:25:07.844472+00:00	Arch Linux Importer	Fixing	VCID-rc6v-b3x8-87bu	https://security.archlinux.org/AVG-2696	38.0.0
2026-04-01T18:25:07.822607+00:00	Arch Linux Importer	Fixing	VCID-a4kg-mmhm-jqhp	https://security.archlinux.org/AVG-2696	38.0.0
2026-04-01T18:25:07.801587+00:00	Arch Linux Importer	Fixing	VCID-wt3g-99mt-uug6	https://security.archlinux.org/AVG-2696	38.0.0
2026-04-01T18:25:07.780036+00:00	Arch Linux Importer	Fixing	VCID-62y5-e7f4-7kbz	https://security.archlinux.org/AVG-2696	38.0.0
2026-04-01T18:25:07.757654+00:00	Arch Linux Importer	Fixing	VCID-hawe-rs16-37bf	https://security.archlinux.org/AVG-2696	38.0.0
2026-04-01T18:25:07.733549+00:00	Arch Linux Importer	Fixing	VCID-221v-5q8x-5ygz	https://security.archlinux.org/AVG-2696	38.0.0
2026-04-01T18:25:07.711086+00:00	Arch Linux Importer	Fixing	VCID-wvtd-44nu-ckgb	https://security.archlinux.org/AVG-2696	38.0.0
2026-04-01T18:25:07.690878+00:00	Arch Linux Importer	Fixing	VCID-bvmd-gmg3-eue2	https://security.archlinux.org/AVG-2696	38.0.0
2026-04-01T18:25:07.665767+00:00	Arch Linux Importer	Fixing	VCID-svws-7gd2-r3f5	https://security.archlinux.org/AVG-2696	38.0.0
2026-04-01T18:25:07.642107+00:00	Arch Linux Importer	Fixing	VCID-1tja-ztb9-myhy	https://security.archlinux.org/AVG-2696	38.0.0
2026-04-01T18:25:07.619041+00:00	Arch Linux Importer	Fixing	VCID-4xun-1v5s-uqbt	https://security.archlinux.org/AVG-2696	38.0.0
2026-04-01T18:25:07.596248+00:00	Arch Linux Importer	Fixing	VCID-2gxb-vk9m-c3hd	https://security.archlinux.org/AVG-2696	38.0.0
2026-04-01T18:25:07.573088+00:00	Arch Linux Importer	Fixing	VCID-ykza-d472-n7a4	https://security.archlinux.org/AVG-2696	38.0.0