Total
213 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15590 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration | |||||
CVE-2013-4583 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. | |||||
CVE-2020-6833 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. | |||||
CVE-2019-18457 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens.. It has Insecure Permissions. | |||||
CVE-2020-7966 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. | |||||
CVE-2019-19313 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits. | |||||
CVE-2019-13121 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control. | |||||
CVE-2020-7968 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. | |||||
CVE-2019-13003 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption. | |||||
CVE-2020-8795 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. | |||||
CVE-2019-5468 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account. | |||||
CVE-2019-18460 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control. | |||||
CVE-2019-18455 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop. | |||||
CVE-2019-15583 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API. | |||||
CVE-2020-7969 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. | |||||
CVE-2020-7978 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. | |||||
CVE-2019-12446 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message. | |||||
CVE-2019-15576 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint. | |||||
CVE-2018-20494 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
CVE-2019-19261 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF. |