Total: 968 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20507 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
CVE-2019-18455 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop. | |||||
CVE-2019-18462 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions. | |||||
CVE-2019-19311 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. | |||||
CVE-2019-15583 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API. | |||||
CVE-2019-13009 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control. | |||||
CVE-2020-7974 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
GitLab EE 10.1 through 12.7.2 allows Information Disclosure. | |||||
CVE-2019-20148 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control. | |||||
CVE-2020-7969 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. | |||||
CVE-2019-5469 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.5 MEDIUM | 6.5 MEDIUM |
An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from a project archive to replace other users' files, potentially allowing an attacker to replace project binaries or other uploaded assets. | |||||
CVE-2019-18452 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. It has Insecure Permissions. | |||||
CVE-2018-20492 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6). | |||||
CVE-2019-15579 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones. | |||||
CVE-2019-19259 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR). | |||||
CVE-2018-20496 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. | |||||
CVE-2019-19260 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2). | |||||
CVE-2018-20498 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
CVE-2018-20489 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
CVE-2020-7971 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
GitLab EE 11.0 and later through 12.7.2 allows XSS. | |||||
CVE-2019-5487 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An improper access control vulnerability exists in GitLab EE <v12.3.3, <v12.2.7, and <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits. |