Filtered by vendor Gitlab
Subscribe
Total
981 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12428 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization. | |||||
| CVE-2018-20501 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
| CVE-2019-18458 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4). | |||||
| CVE-2019-20145 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control. | |||||
| CVE-2019-20147 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control. | |||||
| CVE-2019-19629 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration. | |||||
| CVE-2019-19254 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control. | |||||
| CVE-2019-18454 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. It has XSS. | |||||
| CVE-2019-20146 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption. | |||||
| CVE-2020-7972 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). | |||||
| CVE-2019-5462 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. | |||||
| CVE-2019-20142 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service. | |||||
| CVE-2019-12430 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection. | |||||
| CVE-2019-15589 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before. | |||||
| CVE-2019-15590 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration | |||||
| CVE-2019-15578 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests. | |||||
| CVE-2013-4583 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. | |||||
| CVE-2020-6833 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. | |||||
| CVE-2019-20144 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control. | |||||
| CVE-2019-19255 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control. | |||||