
Gitlab

gitlab

1,397 CVEs • 11 products

Products (11)

Gitlab
gitlab
Gitlab Shell
gitlab-shell
Runner
runner
Omnibus
omnibus
Gitaly
gitaly
Gitlab Runner
gitlab_runner

CVEs (1,397)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Gitlab
2Gitlab
Gitlab Shell
Nov 21, 2024
Jan 28, 2020
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.
1Gitlab
2Gitlab
Gitlab Shell
Nov 21, 2024
Jan 28, 2020
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allow remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 28, 2020
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 28, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An authorization issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainers from deleting epic comments.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 28, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An information disclosure issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard, which could result in disclosure of vulnerability feedback information.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 28, 2020
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A privilege escalation issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 28, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed the new merge requests endpoint to disclose label names.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 28, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 28, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 28, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 28, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 28, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 28, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE): the GitLab SAML integration had a validation issue that permitted an attacker to take over another user's account.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 28, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 28, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 28, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 28, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 28, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 13, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control.
1Gitlab
1Gitlab
Nov 21, 2024
Jan 13, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control.