Filtered by vendor Gitlab
Subscribe
Total
821 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4583 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2020-02-03 | 6.5 MEDIUM | 8.8 HIGH |
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. | |||||
CVE-2019-5464 | 1 Gitlab | 1 Gitlab | 2020-01-31 | 7.5 HIGH | 9.8 CRITICAL |
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. | |||||
CVE-2019-5472 | 1 Gitlab | 1 Gitlab | 2020-01-31 | 5.0 MEDIUM | 7.5 HIGH |
An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments. | |||||
CVE-2019-15585 | 1 Gitlab | 1 Gitlab | 2020-01-28 | 7.5 HIGH | 9.8 CRITICAL |
Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account. | |||||
CVE-2019-15578 | 1 Gitlab | 1 Gitlab | 2020-01-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests. | |||||
CVE-2019-15581 | 1 Gitlab | 1 Gitlab | 2020-01-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules. | |||||
CVE-2019-15583 | 1 Gitlab | 1 Gitlab | 2020-01-28 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API. | |||||
CVE-2019-15586 | 1 Gitlab | 1 Gitlab | 2020-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. | |||||
CVE-2019-20143 | 1 Gitlab | 1 Gitlab | 2020-01-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control. | |||||
CVE-2019-20146 | 1 Gitlab | 1 Gitlab | 2020-01-16 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption. | |||||
CVE-2019-19628 | 1 Gitlab | 1 Gitlab | 2020-01-10 | 7.5 HIGH | 9.8 CRITICAL |
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. | |||||
CVE-2019-19314 | 1 Gitlab | 1 Gitlab | 2020-01-10 | 5.0 MEDIUM | 7.5 HIGH |
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext. | |||||
CVE-2018-20507 | 1 Gitlab | 1 Gitlab | 2020-01-09 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
CVE-2019-19311 | 1 Gitlab | 1 Gitlab | 2020-01-09 | 3.5 LOW | 5.4 MEDIUM |
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. | |||||
CVE-2019-19261 | 1 Gitlab | 1 Gitlab | 2020-01-09 | 6.8 MEDIUM | 8.8 HIGH |
GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF. | |||||
CVE-2019-15584 | 1 Gitlab | 1 Gitlab | 2020-01-08 | 4.0 MEDIUM | 6.5 MEDIUM |
A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page. | |||||
CVE-2018-20489 | 1 Gitlab | 1 Gitlab | 2020-01-08 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
CVE-2018-20497 | 1 Gitlab | 1 Gitlab | 2020-01-08 | 4.0 MEDIUM | 5.0 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF. | |||||
CVE-2019-19310 | 1 Gitlab | 1 Gitlab | 2020-01-08 | 4.0 MEDIUM | 4.9 MEDIUM |
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. | |||||
CVE-2018-20488 | 1 Gitlab | 1 Gitlab | 2020-01-08 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. |