Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Gitlab Subscribe
Total 821 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4583 1 Gitlab 2 Gitlab, Gitlab-shell 2020-02-03 6.5 MEDIUM 8.8 HIGH
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.
CVE-2019-5464 1 Gitlab 1 Gitlab 2020-01-31 7.5 HIGH 9.8 CRITICAL
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.
CVE-2019-5472 1 Gitlab 1 Gitlab 2020-01-31 5.0 MEDIUM 7.5 HIGH
An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments.
CVE-2019-15585 1 Gitlab 1 Gitlab 2020-01-28 7.5 HIGH 9.8 CRITICAL
Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account.
CVE-2019-15578 1 Gitlab 1 Gitlab 2020-01-28 5.0 MEDIUM 5.3 MEDIUM
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests.
CVE-2019-15581 1 Gitlab 1 Gitlab 2020-01-28 5.0 MEDIUM 5.3 MEDIUM
An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.
CVE-2019-15583 1 Gitlab 1 Gitlab 2020-01-28 5.0 MEDIUM 7.5 HIGH
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API.
CVE-2019-15586 1 Gitlab 1 Gitlab 2020-01-28 4.3 MEDIUM 6.1 MEDIUM
A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin.
CVE-2019-20143 1 Gitlab 1 Gitlab 2020-01-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control.
CVE-2019-20146 1 Gitlab 1 Gitlab 2020-01-16 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption.
CVE-2019-19628 1 Gitlab 1 Gitlab 2020-01-10 7.5 HIGH 9.8 CRITICAL
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.
CVE-2019-19314 1 Gitlab 1 Gitlab 2020-01-10 5.0 MEDIUM 7.5 HIGH
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.
CVE-2018-20507 1 Gitlab 1 Gitlab 2020-01-09 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
CVE-2019-19311 1 Gitlab 1 Gitlab 2020-01-09 3.5 LOW 5.4 MEDIUM
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields.
CVE-2019-19261 1 Gitlab 1 Gitlab 2020-01-09 6.8 MEDIUM 8.8 HIGH
GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF.
CVE-2019-15584 1 Gitlab 1 Gitlab 2020-01-08 4.0 MEDIUM 6.5 MEDIUM
A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page.
CVE-2018-20489 1 Gitlab 1 Gitlab 2020-01-08 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
CVE-2018-20497 1 Gitlab 1 Gitlab 2020-01-08 4.0 MEDIUM 5.0 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.
CVE-2019-19310 1 Gitlab 1 Gitlab 2020-01-08 4.0 MEDIUM 4.9 MEDIUM
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.
CVE-2018-20488 1 Gitlab 1 Gitlab 2020-01-08 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.