QID 379226
Date Published: 2024-01-31
QID 379226: GitLab Multiple Security Vulnerabilities (gitlab- 14.6.2, 14.5.3, 14.4.5)
GitLab Inc. is an open-core company that operates GitLab, a DevOps software package that can develop, secure, and operate software.
Affected Versions:
CVE-2022-0244: GitLab CE/EE affecting all versions starting with 14.5
CVE-2021-39946: GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2
CVE-2022-0154: GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, and all versions starting from 14.6.0 before 14.6.2
CVE-2022-0152: GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, and all versions starting from 14.6.0 before 14.6.2
CVE-2022-0151: GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, and all versions starting from 14.6.0 before 14.6.2
CVE-2022-0172: GitLab CE/EE affecting all versions starting with 12.3
CVE-2022-0090: GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1
CVE-2022-0125: GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, and all versions starting from 14.6.0 before 14.6.2
CVE-2022-0124: GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1
CVE-2021-39942: GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2
CVE-2022-0093: GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1
CVE-2021-39927: GitLab CE/EE versions between 8.4 and 14.4.x, between 14.5.0 and 14.5.x, and between 14.6.0 and 14.6.x
Patch Versions:
GitLab Security Release: 14.6.2, 14.5.3, and 14.4.5
QID Detection Logic: (Authenticated)
It runs the gitlab-rake gitlab:env:info command to check for a vulnerable version of GitLab.
Successful exploitation of these vulnerabilities affects confidentiality, integrity, and availability.
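The version check described above can be reproduced offline against saved command output. The following is an added example, not Qualys's detection code or code from the GitLab project; the layout of the sample output is constructed, and the function names are hypothetical.

```python
import re

# Patched releases named on this page, keyed by (major, minor) branch.
PATCHED = {(14, 4): (14, 4, 5), (14, 5): (14, 5, 3), (14, 6): (14, 6, 2)}
OLDEST_PATCHED_BRANCH = min(PATCHED)

# Constructed sample of `gitlab-rake gitlab:env:info` output (trimmed, values invented).
SAMPLE_ENV_INFO = """\
System information
System:         Ubuntu 20.04
Ruby Version:   2.7.5p203

GitLab information
Version:        14.5.2-ee
Revision:       0123456789a
Directory:      /opt/gitlab/embedded/service/gitlab-rails

GitLab Shell
Version:        13.22.1
"""

def parse_gitlab_version(env_info):
    """Return (major, minor, patch) from the 'GitLab information' block, or None."""
    # Skip everything before the GitLab block so component versions are not picked up.
    _, found, gitlab_block = env_info.partition("GitLab information")
    if not found:
        return None
    # First 'Version:' line after the header; a suffix such as '-ee' is ignored.
    m = re.search(r"^Version:\s*(\d+)\.(\d+)\.(\d+)", gitlab_block, re.MULTILINE)
    return tuple(int(p) for p in m.groups()) if m else None

def is_vulnerable(version):
    """True if the version predates the patched release for its branch."""
    branch = version[:2]
    if branch in PATCHED:
        return version < PATCHED[branch]
    # Branches older than 14.4 got no fix in this release; newer branches postdate it.
    return branch < OLDEST_PATCHED_BRANCH

def check(env_info):
    """Classify saved env:info output as 'vulnerable', 'patched' or 'unknown'."""
    version = parse_gitlab_version(env_info)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "patched"

if __name__ == "__main__":
    print(check(SAMPLE_ENV_INFO))
```

An "unknown" result means the version line could not be parsed and the host needs manual review rather than being treated as patched.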
- GitLab Security Advisory: about.gitlab.com/releases/2022/01/11/security-release-gitlab-14-6-2-released/
CVEs related to QID 379226
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GitLab Security Advisory | | | |