Filtered by vendor Gitlab
Subscribe
Total
981 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13006 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 9.0 and through 12.0.2. Users with access to issues, but not the repository were able to view the number of related merge requests on an issue. It has Incorrect Access Control. | |||||
CVE-2019-13005 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control. | |||||
CVE-2019-18459 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4). | |||||
CVE-2020-7978 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. | |||||
CVE-2019-13010 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It allows Uncontrolled Resource Consumption. | |||||
CVE-2019-15577 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing. | |||||
CVE-2019-12446 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message. | |||||
CVE-2019-12429 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control. | |||||
CVE-2019-12431 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control. | |||||
CVE-2019-12444 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability. | |||||
CVE-2018-20497 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 5.0 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF. | |||||
CVE-2019-15576 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint. | |||||
CVE-2019-19628 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. | |||||
CVE-2018-20495 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. | |||||
CVE-2019-15593 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments. | |||||
CVE-2020-7977 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. | |||||
CVE-2020-8114 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission | |||||
CVE-2018-20494 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
CVE-2020-6832 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects. | |||||
CVE-2019-15582 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment. |