Filtered by vendor Gitlab
Subscribe
Total
219 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20499 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.4 MEDIUM | 7.2 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF. | |||||
| CVE-2019-19629 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration. | |||||
| CVE-2020-7972 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). | |||||
| CVE-2019-5462 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. | |||||
| CVE-2019-12430 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection. | |||||
| CVE-2019-15589 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before. | |||||
| CVE-2019-15590 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration | |||||
| CVE-2013-4583 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. | |||||
| CVE-2020-6833 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. | |||||
| CVE-2019-18457 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens.. It has Insecure Permissions. | |||||
| CVE-2020-7966 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. | |||||
| CVE-2019-19313 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits. | |||||
| CVE-2019-13121 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control. | |||||
| CVE-2020-7968 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. | |||||
| CVE-2019-13003 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption. | |||||
| CVE-2020-8795 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. | |||||
| CVE-2019-5468 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account. | |||||
| CVE-2019-18460 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control. | |||||
| CVE-2019-18455 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop. | |||||
| CVE-2019-15583 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API. | |||||