Filtered by vendor Gitlab
Subscribe
Total
219 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-5473 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4. | |||||
CVE-2019-6788 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services. | |||||
CVE-2019-15729 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request. | |||||
CVE-2019-6783 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution. | |||||
CVE-2018-19569 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. | |||||
CVE-2019-10113 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects/<id>/languages requests may allow Uncontrolled Resource Consumption. | |||||
CVE-2019-9223 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure. | |||||
CVE-2019-15725 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information. | |||||
CVE-2019-10112 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived. | |||||
CVE-2019-6793 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.8 MEDIUM | 7.0 HIGH |
An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. | |||||
CVE-2019-9220 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption. | |||||
CVE-2018-19571 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 7.7 HIGH |
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. | |||||
CVE-2018-19581 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. | |||||
CVE-2018-19584 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups. | |||||
CVE-2019-15722 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. | |||||
CVE-2018-20229 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal. | |||||
CVE-2019-9222 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. | |||||
CVE-2018-19576 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.4 MEDIUM | 8.1 HIGH |
GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential. | |||||
CVE-2019-10640 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption. | |||||
CVE-2018-20144 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control. |