apk package
chainguard/gitlab-operator
pkg:apk/chainguard/gitlab-operator
Vulnerabilities (143)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-15472 | — | < 0 | 0 | Apr 15, 2023 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout. | ||
| CVE-2020-14155 | — | < 0 | 0 | Jun 15, 2020 | libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | ||
| CVE-2020-11505 | — | < 0 | 0 | Apr 22, 2020 | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling. | ||
| CVE-2020-10954 | — | < 0 | 0 | Mar 27, 2020 | GitLab through 12.9 is affected by a potential DoS in repository archive download. | ||
| CVE-2020-10081 | — | < 0 | 0 | Mar 13, 2020 | GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user. | ||
| CVE-2020-10087 | — | < 0 | 0 | Mar 13, 2020 | GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user. | ||
| CVE-2019-13003 | — | < 0 | 0 | Mar 10, 2020 | An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption. | ||
| CVE-2020-7968 | — | < 0 | 0 | Feb 5, 2020 | GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. | ||
| CVE-2020-7973 | — | < 0 | 0 | Feb 5, 2020 | GitLab through 12.7.2 allows XSS. | ||
| CVE-2019-19260 | — | < 0 | 0 | Jan 3, 2020 | GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2). | ||
| CVE-2019-19257 | — | < 0 | 0 | Jan 3, 2020 | GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2). | ||
| CVE-2019-15584 | — | < 0 | 0 | Dec 20, 2019 | A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page. | ||
| CVE-2019-15589 | — | < 0 | 0 | Dec 18, 2019 | An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before. | ||
| CVE-2019-15575 | — | < 0 | 0 | Dec 18, 2019 | A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope. | ||
| CVE-2019-15576 | — | < 0 | 0 | Dec 18, 2019 | An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint. | ||
| CVE-2019-15577 | — | < 0 | 0 | Dec 18, 2019 | An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing. | ||
| CVE-2019-15580 | — | < 0 | 0 | Dec 18, 2019 | An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted | ||
| CVE-2019-5486 | — | < 0 | 0 | Dec 18, 2019 | A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements. | ||
| CVE-2019-15591 | — | < 0 | 0 | Dec 18, 2019 | An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled. | ||
| CVE-2019-18447 | — | < 0 | 0 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions. |
- CVE-2018-15472Apr 15, 2023affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout.
- CVE-2020-14155Jun 15, 2020affected < 0fixed 0
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
- CVE-2020-11505Apr 22, 2020affected < 0fixed 0
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.
- CVE-2020-10954Mar 27, 2020affected < 0fixed 0
GitLab through 12.9 is affected by a potential DoS in repository archive download.
- CVE-2020-10081Mar 13, 2020affected < 0fixed 0
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.
- CVE-2020-10087Mar 13, 2020affected < 0fixed 0
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.
- CVE-2019-13003Mar 10, 2020affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption.
- CVE-2020-7968Feb 5, 2020affected < 0fixed 0
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.
- CVE-2020-7973Feb 5, 2020affected < 0fixed 0
GitLab through 12.7.2 allows XSS.
- CVE-2019-19260Jan 3, 2020affected < 0fixed 0
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2).
- CVE-2019-19257Jan 3, 2020affected < 0fixed 0
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2).
- CVE-2019-15584Dec 20, 2019affected < 0fixed 0
A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page.
- CVE-2019-15589Dec 18, 2019affected < 0fixed 0
An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before.
- CVE-2019-15575Dec 18, 2019affected < 0fixed 0
A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope.
- CVE-2019-15576Dec 18, 2019affected < 0fixed 0
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint.
- CVE-2019-15577Dec 18, 2019affected < 0fixed 0
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing.
- CVE-2019-15580Dec 18, 2019affected < 0fixed 0
An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted
- CVE-2019-5486Dec 18, 2019affected < 0fixed 0
A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements.
- CVE-2019-15591Dec 18, 2019affected < 0fixed 0
An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.
- CVE-2019-18447Nov 26, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions.
Page 4 of 8