← Back

Gitlab

gitlab

1,397 CVEs • 11 products

Products (11)

Click to collapse
Toggle
Gitlab
gitlab
1,382 CVEs
Gitlab Shell
gitlab-shell
5 CVEs
Dynamic Application Security Testing Analyzer
dynamic_application_security_testing_analyzer
4 CVEs
Runner
runner
3 CVEs
Gitlab Vscode Extension
gitlab-vscode-extension
2 CVEs
Omnibus
omnibus
1 CVE
Gitaly
gitaly
1 CVE
Gitlab Runner
gitlab_runner
1 CVE
Dast Api Scanner
dast_api_scanner
1 CVE
\
1 CVE
Language Server
language_server
1 CVE

CVEs (1,397)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-20142
1Gitlab
1Gitlab
Nov 21, 2024
Jan 13, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service.
CVE-2020-6832
1Gitlab
1Gitlab
Nov 21, 2024
Jan 13, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.
CVE-2020-5197
1Gitlab
1Gitlab
Nov 21, 2024
Jan 13, 2020
N/A· v4
4.3 MEDIUM· v3
3.5 LOW· v2
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.
CVE-2019-20148
1Gitlab
1Gitlab
Nov 21, 2024
Jan 13, 2020
N/A· v4
5.3 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control.
CVE-2019-20147
1Gitlab
1Gitlab
Nov 21, 2024
Jan 13, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control.
CVE-2019-20146
1Gitlab
1Gitlab
Nov 21, 2024
Jan 13, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption.
CVE-2019-20145
1Gitlab
1Gitlab
Nov 21, 2024
Jan 13, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control.
CVE-2019-19629
1Gitlab
1Gitlab
Nov 21, 2024
Jan 5, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration.
CVE-2019-19628
1Gitlab
1Gitlab
Nov 21, 2024
Jan 5, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditio...Show more
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.Show less
CVE-2019-19314
1Gitlab
1Gitlab
Nov 21, 2024
Jan 5, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.
CVE-2019-19313
1Gitlab
1Gitlab
Nov 21, 2024
Jan 5, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits.
CVE-2019-19312
1Gitlab
1Gitlab
Nov 21, 2024
Jan 5, 2020
N/A· v4
5.8 MEDIUM· v3
5.0 MEDIUM· v2
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the AP...Show more
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API.Show less
CVE-2019-19310
1Gitlab
1Gitlab
Nov 21, 2024
Jan 3, 2020
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.
CVE-2019-19309
1Gitlab
1Gitlab
Nov 21, 2024
Jan 3, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.
CVE-2019-19263
1Gitlab
1Gitlab
Nov 21, 2024
Jan 3, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions.
CVE-2019-19262
1Gitlab
1Gitlab
Nov 21, 2024
Jan 3, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions.
CVE-2019-19261
1Gitlab
1Gitlab
Nov 21, 2024
Jan 3, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF.
CVE-2019-19260
1Gitlab
1Gitlab
Nov 21, 2024
Jan 3, 2020
N/A· v4
5.4 MEDIUM· v3
5.5 MEDIUM· v2
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2).
CVE-2019-19259
1Gitlab
1Gitlab
Nov 21, 2024
Jan 3, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR).
CVE-2019-19258
1Gitlab
1Gitlab
Nov 21, 2024
Jan 3, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.