← Back

Gitlab

gitlab

1,397 CVEs • 11 products

Products (11)

Click to collapse
Toggle
Gitlab
gitlab
1,382 CVEs
Gitlab Shell
gitlab-shell
5 CVEs
Dynamic Application Security Testing Analyzer
dynamic_application_security_testing_analyzer
4 CVEs
Runner
runner
3 CVEs
Gitlab Vscode Extension
gitlab-vscode-extension
2 CVEs
Omnibus
omnibus
1 CVE
Gitaly
gitaly
1 CVE
Gitlab Runner
gitlab_runner
1 CVE
Dast Api Scanner
dast_api_scanner
1 CVE
\
1 CVE
Language Server
language_server
1 CVE

CVEs (1,397)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-12428
1Gitlab
1Gitlab
Nov 21, 2024
Mar 10, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has...Show more
An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization.Show less
CVE-2020-8113
1Gitlab
1Gitlab
Nov 21, 2024
Mar 6, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.
CVE-2020-8795
1Gitlab
1Gitlab
Nov 21, 2024
Feb 17, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users.
CVE-2019-12825
1Gitlab
1Gitlab
Nov 21, 2024
Feb 17, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate u...Show more
Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo.Show less
CVE-2019-15594
1Gitlab
1Gitlab
Nov 21, 2024
Feb 14, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.
CVE-2019-15592
1Gitlab
1Gitlab
Nov 21, 2024
Feb 14, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline.
CVE-2020-6833
1Gitlab
1Gitlab
Nov 21, 2024
Feb 5, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling.
CVE-2020-7978
1Gitlab
1Gitlab
Nov 21, 2024
Feb 5, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.
CVE-2020-7977
1Gitlab
1Gitlab
Nov 21, 2024
Feb 5, 2020
N/A· v4
5.3 MEDIUM· v3
4.3 MEDIUM· v2
GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.
CVE-2020-7976
1Gitlab
1Gitlab
Nov 21, 2024
Feb 5, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.
CVE-2020-7974
1Gitlab
1Gitlab
Nov 21, 2024
Feb 5, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
GitLab EE 10.1 through 12.7.2 allows Information Disclosure.
CVE-2020-7973
1Gitlab
1Gitlab
Nov 21, 2024
Feb 5, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
GitLab through 12.7.2 allows XSS.
CVE-2020-7972
1Gitlab
1Gitlab
Nov 21, 2024
Feb 5, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).
CVE-2020-7971
1Gitlab
1Gitlab
Nov 21, 2024
Feb 5, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
GitLab EE 11.0 and later through 12.7.2 allows XSS.
CVE-2020-7969
1Gitlab
1Gitlab
Nov 21, 2024
Feb 5, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.
CVE-2020-7968
1Gitlab
1Gitlab
Nov 21, 2024
Feb 5, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.
CVE-2020-7967
1Gitlab
1Gitlab
Nov 21, 2024
Feb 5, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).
CVE-2020-7966
1Gitlab
1Gitlab
Nov 21, 2024
Feb 5, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.
CVE-2020-8114
1Gitlab
1Gitlab
Nov 21, 2024
Feb 5, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
CVE-2020-7979
1Gitlab
1Gitlab
Nov 21, 2024
Feb 5, 2020
N/A· v4
5.3 MEDIUM· v3
4.3 MEDIUM· v2
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission