Gitlab

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-6793 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 7.0 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.
CVE-2019-6792 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error messa...Show more An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information.Show less
CVE-2019-6789 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users without project perm...Show more An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users without project permissions will receive emails after a project move. For private projects, this will disclose the new project namespace to an unauthorized user.Show less
CVE-2019-6788 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbuck...Show more An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services.Show less
CVE-2019-6786 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be acces...Show more An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are known.Show less
CVE-2019-6785 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could c...Show more An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service.Show less
CVE-2019-6784 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and outpu...Show more An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS.Show less
CVE-2019-6783 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote comman...Show more An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution.Show less
CVE-2019-6782 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contrib...Show more An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed.Show less
CVE-2019-11605 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would...Show more An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token.Show less
CVE-2019-11549 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has allows an information disclosure issue where HTTP/GIT cr...Show more An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors.Show less
CVE-2019-11548 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorizati...Show more An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint.Show less
CVE-2019-11547 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request no...Show more An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues.Show less
CVE-2019-11546 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 5.3 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple tim...Show more An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge.Show less
CVE-2019-11545 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked...Show more An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue.Show less
CVE-2019-11544 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscri...Show more An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events.Show less
CVE-2019-5473 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.
CVE-2019-5471 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.
CVE-2019-5467 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVE-2019-5463 1Gitlab 1Gitlab Nov 21, 2024 Sep 9, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.

Previous 1...626364...70 Next