Filtered by vendor Gitlab
Subscribe
Total
981 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16170 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.5 MEDIUM | 7.1 HIGH |
| An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. | |||||
| CVE-2019-5462 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. | |||||
| CVE-2019-19262 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions. | |||||
| CVE-2019-10114 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication process, the application attempts to validate a parameter in an insecure way, potentially exposing data. | |||||
| CVE-2019-9732 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control. | |||||
| CVE-2019-9170 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control. | |||||
| CVE-2019-6794 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch. | |||||
| CVE-2018-18649 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution. | |||||
| CVE-2019-10640 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption. | |||||
| CVE-2019-20144 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control. | |||||
| CVE-2019-9218 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5). | |||||
| CVE-2019-15722 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. | |||||
| CVE-2019-9485 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. | |||||
| CVE-2019-6790 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge requests. | |||||
| CVE-2019-9217 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information. | |||||
| CVE-2018-20500 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token. | |||||
| CVE-2019-6786 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are known. | |||||
| CVE-2020-13282 | 1 Gitlab | 1 Gitlab | 2020-08-19 | 4.9 MEDIUM | 3.5 LOW |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. | |||||
| CVE-2020-13280 | 1 Gitlab | 1 Gitlab | 2020-08-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. | |||||
| CVE-2020-13291 | 1 Gitlab | 1 Gitlab | 2020-08-17 | 5.5 MEDIUM | 8.1 HIGH |
| In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. | |||||