VYPR

apk package

chainguard/gitlab-operator

pkg:apk/chainguard/gitlab-operator

Vulnerabilities (143)

  • CVE-2019-18449MedNov 26, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2).

  • CVE-2019-18448MedNov 26, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Incorrect Access Control.

  • CVE-2019-18447MedNov 26, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions.

  • CVE-2019-18463MedNov 26, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4).

  • CVE-2019-15737MedSep 16, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management.

  • CVE-2019-15736HigSep 16, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack.

  • CVE-2019-15726MedSep 16, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.

  • CVE-2019-6791MedSep 9, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its p

  • CVE-2019-6795MedSep 9, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be u

  • CVE-2019-6794MedSep 9, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch.

  • CVE-2019-6784MedSep 9, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persisten

  • CVE-2018-19580MedJul 10, 2019
    affected < 0fixed 0

    All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made.

  • CVE-2018-19495MedJul 10, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration.

  • CVE-2019-9485CriMay 29, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.

  • CVE-2019-9221MedMay 29, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5).

  • CVE-2019-9218CriMay 29, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5).

  • CVE-2019-10112HigMay 16, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.

  • CVE-2019-10117MedMay 16, 2019
    affected < 0fixed 0

    An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node.

  • CVE-2019-10116MedMay 16, 2019
    affected < 0fixed 0

    An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.

  • CVE-2019-10115MedMay 16, 2019
    affected < 0fixed 0

    An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code in

Page 5 of 8