Gitlab

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-12275 1Gitlab 1Gitlab Nov 21, 2024 Apr 29, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.
CVE-2020-11649 1Gitlab 1Gitlab Nov 21, 2024 Apr 22, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted.
CVE-2020-11506 1Gitlab 1Gitlab Nov 21, 2024 Apr 22, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling.
CVE-2020-11505 1Gitlab 1Gitlab Nov 21, 2024 Apr 22, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Expo...Show more An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.Show less
CVE-2020-10981 1Gitlab 1Gitlab Nov 21, 2024 Apr 8, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project.
CVE-2020-10980 1Gitlab 1Gitlab Nov 21, 2024 Apr 8, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.
CVE-2020-10979 1Gitlab 1Gitlab Nov 21, 2024 Apr 8, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users.
CVE-2020-10978 1Gitlab 1Gitlab Nov 21, 2024 Apr 8, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API.
CVE-2020-10977 1Gitlab 1Gitlab Nov 21, 2024 Apr 8, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.
CVE-2020-10976 1Gitlab 1Gitlab Nov 21, 2024 Apr 8, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget.
CVE-2020-10975 1Gitlab 1Gitlab Nov 21, 2024 Apr 8, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page.
CVE-2020-10956 1Gitlab 1Gitlab Nov 21, 2024 Mar 27, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.
CVE-2020-10955 2Debian Gitlab 2Debian Linux Gitlab Nov 21, 2024 Mar 27, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.
CVE-2020-10954 1Gitlab 1Gitlab Nov 21, 2024 Mar 27, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 GitLab through 12.9 is affected by a potential DoS in repository archive download.
CVE-2020-10953 1Gitlab 1Gitlab Nov 21, 2024 Mar 27, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.
CVE-2020-10952 1Gitlab 1Gitlab Nov 21, 2024 Mar 27, 2020 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
CVE-2020-10077 1Gitlab 1Gitlab Nov 21, 2024 Mar 13, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk.
CVE-2020-10076 1Gitlab 1Gitlab Nov 21, 2024 Mar 13, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.
CVE-2020-10075 1Gitlab 1Gitlab Nov 21, 2024 Mar 13, 2020 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.
CVE-2020-10074 1Gitlab 1Gitlab Nov 21, 2024 Mar 13, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link.

Previous 1...525354...70 Next