VYPR

apk package

chainguard/gitlab-operator

pkg:apk/chainguard/gitlab-operator

Vulnerabilities (143)

  • CVE-2018-15472Apr 15, 2023
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout.

  • CVE-2020-14155Jun 15, 2020
    affected < 0fixed 0

    libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

  • CVE-2020-11505Apr 22, 2020
    affected < 0fixed 0

    An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.

  • CVE-2020-10954Mar 27, 2020
    affected < 0fixed 0

    GitLab through 12.9 is affected by a potential DoS in repository archive download.

  • CVE-2020-10081Mar 13, 2020
    affected < 0fixed 0

    GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.

  • CVE-2020-10087Mar 13, 2020
    affected < 0fixed 0

    GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.

  • CVE-2019-13003Mar 10, 2020
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption.

  • CVE-2020-7968Feb 5, 2020
    affected < 0fixed 0

    GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.

  • CVE-2020-7973Feb 5, 2020
    affected < 0fixed 0

    GitLab through 12.7.2 allows XSS.

  • CVE-2019-19260Jan 3, 2020
    affected < 0fixed 0

    GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2).

  • CVE-2019-19257Jan 3, 2020
    affected < 0fixed 0

    GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2).

  • CVE-2019-15584Dec 20, 2019
    affected < 0fixed 0

    A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page.

  • CVE-2019-15589Dec 18, 2019
    affected < 0fixed 0

    An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before.

  • CVE-2019-15575Dec 18, 2019
    affected < 0fixed 0

    A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope.

  • CVE-2019-15576Dec 18, 2019
    affected < 0fixed 0

    An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint.

  • CVE-2019-15577Dec 18, 2019
    affected < 0fixed 0

    An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing.

  • CVE-2019-15580Dec 18, 2019
    affected < 0fixed 0

    An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted

  • CVE-2019-5486Dec 18, 2019
    affected < 0fixed 0

    A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements.

  • CVE-2019-15591Dec 18, 2019
    affected < 0fixed 0

    An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.

  • CVE-2019-18447Nov 26, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions.

Page 4 of 8