← Back

Gitlab

gitlab

1,397 CVEs • 11 products

Products (11)

Click to collapse
Toggle
Gitlab
gitlab
1,382 CVEs
Gitlab Shell
gitlab-shell
5 CVEs
Dynamic Application Security Testing Analyzer
dynamic_application_security_testing_analyzer
4 CVEs
Runner
runner
3 CVEs
Gitlab Vscode Extension
gitlab-vscode-extension
2 CVEs
Omnibus
omnibus
1 CVE
Gitaly
gitaly
1 CVE
Gitlab Runner
gitlab_runner
1 CVE
Dast Api Scanner
dast_api_scanner
1 CVE
\
1 CVE
Language Server
language_server
1 CVE

CVEs (1,397)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-18448
1Gitlab
1Gitlab
Nov 21, 2024
Nov 26, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Incorrect Access Control.
CVE-2019-18447
1Gitlab
1Gitlab
Nov 21, 2024
Nov 26, 2019
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions.
CVE-2019-18446
1Gitlab
1Gitlab
Nov 21, 2024
Nov 26, 2019
N/A· v4
4.3 MEDIUM· v3
5.5 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4. It has Insecure Permissions (issue 1 of 2).
CVE-2019-18459
1Gitlab
1Gitlab
Nov 21, 2024
Nov 26, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4).
CVE-2019-18458
1Gitlab
1Gitlab
Nov 21, 2024
Nov 26, 2019
N/A· v4
2.7 LOW· v3
4.0 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4).
CVE-2019-18457
1Gitlab
1Gitlab
Nov 21, 2024
Nov 26, 2019
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens.. It has Insecure Permissions.
CVE-2019-18463
1Gitlab
1Gitlab
Nov 21, 2024
Nov 26, 2019
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4).
CVE-2019-18462
1Gitlab
1Gitlab
Nov 21, 2024
Nov 26, 2019
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions.
CVE-2019-18461
1Gitlab
1Gitlab
Nov 21, 2024
Nov 26, 2019
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control.
CVE-2019-18460
1Gitlab
1Gitlab
Nov 21, 2024
Nov 26, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.
CVE-2019-15593
1Gitlab
1Gitlab
Nov 21, 2024
Nov 22, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.
CVE-2019-15729
1Gitlab
1Gitlab
Nov 21, 2024
Sep 17, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request.
CVE-2019-15741
1Gitlab
1Omnibus
Nov 21, 2024
Sep 16, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-15740
1Gitlab
1Gitlab
Nov 21, 2024
Sep 16, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads.
CVE-2019-15739
1Gitlab
1Gitlab
Nov 21, 2024
Sep 16, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.
CVE-2019-15738
1Gitlab
1Gitlab
Nov 21, 2024
Sep 16, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email.
CVE-2019-15737
1Gitlab
1Gitlab
Nov 21, 2024
Sep 16, 2019
N/A· v4
6.5 MEDIUM· v3
6.4 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management.
CVE-2019-15736
1Gitlab
1Gitlab
Nov 21, 2024
Sep 16, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack.
CVE-2019-15734
1Gitlab
1Gitlab
Nov 21, 2024
Sep 16, 2019
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to...Show more
An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these.Show less
CVE-2019-15733
1Gitlab
1Gitlab
Nov 21, 2024
Sep 16, 2019
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users.