Filtered by vendor Gitlab
Subscribe
Total
661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15727 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users. | |||||
| CVE-2019-6791 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its prior visibility. | |||||
| CVE-2019-6787 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other project users. | |||||
| CVE-2018-19579 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1. | |||||
| CVE-2019-11547 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues. | |||||
| CVE-2018-19583 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. | |||||
| CVE-2019-11546 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge. | |||||
| CVE-2019-15731 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so. | |||||
| CVE-2019-15738 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email. | |||||
| CVE-2019-9866 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure. | |||||
| CVE-2018-19582 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user. | |||||
| CVE-2019-10115 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information. | |||||
| CVE-2019-15740 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads. | |||||
| CVE-2018-19577 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. | |||||
| CVE-2018-19573 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. | |||||
| CVE-2018-19572 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11. | |||||
| CVE-2019-15723 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations. | |||||
| CVE-2019-11545 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue. | |||||
| CVE-2019-6997 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting in 10.7) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. System notes contain an access control issue that permits a guest user to view merge request titles. | |||||
| CVE-2018-19574 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. | |||||