VYPR

Bitnami package

gitlab

pkg:bitnami/gitlab

Vulnerabilities (1,073)

  • CVE-2020-11506HigApr 22, 2020
    affected >= 10.7.0, < 12.7.9fixed 12.7.9

    An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling.

  • CVE-2020-11505HigApr 22, 2020
    affected < 12.7.9fixed 12.7.9

    An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.

  • CVE-2020-10981MedApr 8, 2020
    affected >= 9.0.0, < 12.9.1fixed 12.9.1

    GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project.

  • CVE-2020-10980CriApr 8, 2020
    affected >= 8.0.0, < 12.9.1fixed 12.9.1

    GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.

  • CVE-2020-10979MedApr 8, 2020
    affected >= 11.10.0, < 12.9.1fixed 12.9.1

    GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users.

  • CVE-2020-10978MedApr 8, 2020
    affected >= 8.11.0, < 12.9.1fixed 12.9.1

    GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API.

  • CVE-2020-10977MedApr 8, 2020
    affected >= 8.5.0, < 12.9.1fixed 12.9.1

    GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.

  • CVE-2020-10976HigApr 8, 2020
    affected >= 8.17.0, < 12.9.1fixed 12.9.1

    GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget.

  • CVE-2020-10975MedApr 8, 2020
    affected >= 10.8.0, < 12.9.1fixed 12.9.1

    GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page.

  • CVE-2020-10956CriMar 27, 2020
    affected >= 8.10.0, < 12.9.1fixed 12.9.1

    GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.

  • CVE-2020-10955MedMar 27, 2020
    affected >= 11.1.0, < 12.9.1fixed 12.9.1

    GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.

  • CVE-2020-10954HigMar 27, 2020
    affected < 12.9.1fixed 12.9.1

    GitLab through 12.9 is affected by a potential DoS in repository archive download.

  • CVE-2020-10953HigMar 27, 2020
    affected >= 11.7.0, < 12.9.1fixed 12.9.1

    In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.

  • CVE-2020-10952MedMar 27, 2020
    affected >= 8.11.0, < 12.9.2fixed 12.9.2

    GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.

  • CVE-2020-10077CriMar 13, 2020
    affected >= 3.0.0, < 12.8.2fixed 12.8.2

    GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk.

  • CVE-2020-10076MedMar 13, 2020
    affected >= 12.1.0, < 12.8.2fixed 12.8.2

    GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.

  • CVE-2020-10075MedMar 13, 2020
    affected >= 12.5.0, < 12.8.2fixed 12.8.2

    GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.

  • CVE-2020-10074CriMar 13, 2020
    affected >= 10.1.0, < 12.8.2fixed 12.8.2

    GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link.

  • CVE-2020-10073HigMar 13, 2020
    affected >= 12.4.2, < 12.8.2fixed 12.8.2

    GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page.

  • CVE-2020-10092MedMar 13, 2020
    affected >= 12.1.0, < 12.8.2fixed 12.8.2

    GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration.