Filtered by vendor Gitlab
Subscribe
Search
Total
758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10077 | 1 Gitlab | 1 Gitlab | 2020-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. | |||||
| CVE-2020-8113 | 1 Gitlab | 1 Gitlab | 2020-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. | |||||
| CVE-2020-10083 | 1 Gitlab | 1 Gitlab | 2020-03-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied. | |||||
| CVE-2020-10078 | 1 Gitlab | 1 Gitlab | 2020-03-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability. | |||||
| CVE-2020-10076 | 1 Gitlab | 1 Gitlab | 2020-03-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests. | |||||
| CVE-2020-10082 | 1 Gitlab | 1 Gitlab | 2020-03-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered. | |||||
| CVE-2020-10535 | 1 Gitlab | 1 Gitlab | 2020-03-17 | 4.3 MEDIUM | 5.3 MEDIUM |
| GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address. | |||||
| CVE-2020-10086 | 1 Gitlab | 1 Gitlab | 2020-03-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read. | |||||
| CVE-2020-10089 | 1 Gitlab | 1 Gitlab | 2020-03-17 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother, | |||||
| CVE-2020-10090 | 1 Gitlab | 1 Gitlab | 2020-03-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed. | |||||
| CVE-2020-10091 | 1 Gitlab | 1 Gitlab | 2020-03-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types. | |||||
| CVE-2020-10092 | 1 Gitlab | 1 Gitlab | 2020-03-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration. | |||||
| CVE-2019-13121 | 1 Gitlab | 1 Gitlab | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control. | |||||
| CVE-2019-13004 | 1 Gitlab | 1 Gitlab | 2020-03-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. When specific encoded characters were added to comments, the comments section would become inaccessible. It has Incorrect Access Control (issue 1 of 2). | |||||
| CVE-2019-13003 | 1 Gitlab | 1 Gitlab | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption. | |||||
| CVE-2019-13007 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption. | |||||
| CVE-2019-12444 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability. | |||||
| CVE-2019-13001 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass. | |||||
| CVE-2019-12445 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS. | |||||
| CVE-2019-12443 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks. | |||||
| CVE-2019-12442 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics. | |||||
| CVE-2019-12441 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained a access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control. | |||||
| CVE-2019-12446 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message. | |||||
| CVE-2019-12432 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure. | |||||
| CVE-2019-12433 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues. | |||||
| CVE-2019-12825 | 1 Gitlab | 1 Gitlab | 2020-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo. | |||||
| CVE-2020-8114 | 1 Gitlab | 1 Gitlab | 2020-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| GitLab EE 8.9 and later through 12.7.2 has Insecure Permission | |||||
| CVE-2020-7979 | 1 Gitlab | 1 Gitlab | 2020-02-07 | 4.3 MEDIUM | 5.3 MEDIUM |
| GitLab EE 8.9 and later through 12.7.2 has Insecure Permission | |||||
| CVE-2020-7966 | 1 Gitlab | 1 Gitlab | 2020-02-07 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. | |||||
| CVE-2020-7971 | 1 Gitlab | 1 Gitlab | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitLab EE 11.0 and later through 12.7.2 allows XSS. | |||||
| CVE-2020-7972 | 1 Gitlab | 1 Gitlab | 2020-02-06 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). | |||||
| CVE-2020-7967 | 1 Gitlab | 1 Gitlab | 2020-02-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). | |||||
| CVE-2020-7973 | 1 Gitlab | 1 Gitlab | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitLab through 12.7.2 allows XSS. | |||||
| CVE-2020-7977 | 1 Gitlab | 1 Gitlab | 2020-02-06 | 4.3 MEDIUM | 5.3 MEDIUM |
| GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. | |||||
| CVE-2020-7978 | 1 Gitlab | 1 Gitlab | 2020-02-06 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. | |||||
| CVE-2019-5468 | 1 Gitlab | 1 Gitlab | 2020-02-05 | 6.5 MEDIUM | 8.8 HIGH |
| An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account. | |||||
| CVE-2013-4582 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2020-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface. | |||||
| CVE-2013-4583 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2020-02-03 | 6.5 MEDIUM | 8.8 HIGH |
| The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. | |||||
| CVE-2019-5464 | 1 Gitlab | 1 Gitlab | 2020-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. | |||||
| CVE-2019-5472 | 1 Gitlab | 1 Gitlab | 2020-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments. | |||||
| CVE-2019-15585 | 1 Gitlab | 1 Gitlab | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account. | |||||
| CVE-2019-15578 | 1 Gitlab | 1 Gitlab | 2020-01-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests. | |||||
| CVE-2019-15581 | 1 Gitlab | 1 Gitlab | 2020-01-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules. | |||||
| CVE-2019-15583 | 1 Gitlab | 1 Gitlab | 2020-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API. | |||||
| CVE-2019-15586 | 1 Gitlab | 1 Gitlab | 2020-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. | |||||
| CVE-2019-20143 | 1 Gitlab | 1 Gitlab | 2020-01-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control. | |||||
| CVE-2019-20146 | 1 Gitlab | 1 Gitlab | 2020-01-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption. | |||||
| CVE-2019-19628 | 1 Gitlab | 1 Gitlab | 2020-01-10 | 7.5 HIGH | 9.8 CRITICAL |
| In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. | |||||
| CVE-2019-19314 | 1 Gitlab | 1 Gitlab | 2020-01-10 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext. | |||||
| CVE-2018-20507 | 1 Gitlab | 1 Gitlab | 2020-01-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||