CE/EE
by GitLab Inc.
CVEs (414)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-10953 | | | 0.00 | — | 0.00 | | Mar 27, 2020 | In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. |
| CVE-2020-10073 | | | 0.00 | — | 0.00 | | Mar 13, 2020 | GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page. |
| CVE-2020-10077 | | | 0.00 | — | 0.00 | | Mar 13, 2020 | GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. |
| CVE-2019-12442 | | | 0.00 | — | 0.00 | | Mar 10, 2020 | An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics. |
| CVE-2020-6833 | | | 0.00 | — | 0.00 | | Feb 5, 2020 | An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. |
| CVE-2020-7966 | | | 0.00 | — | 0.00 | | Feb 5, 2020 | GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. |
| CVE-2020-7967 | | | 0.00 | — | 0.00 | | Feb 5, 2020 | GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). |
| CVE-2020-7968 | | | 0.00 | — | 0.00 | | Feb 5, 2020 | GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. |
| CVE-2020-7969 | | | 0.00 | — | 0.00 | | Feb 5, 2020 | GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. |
| CVE-2020-7971 | | | 0.00 | — | 0.00 | | Feb 5, 2020 | GitLab EE 11.0 and later through 12.7.2 allows XSS. |
| CVE-2020-7972 | | | 0.00 | — | 0.00 | | Feb 5, 2020 | GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). |
| CVE-2020-7974 | | | 0.00 | — | 0.00 | | Feb 5, 2020 | GitLab EE 10.1 through 12.7.2 allows Information Disclosure. |
| CVE-2020-7976 | | | 0.00 | — | 0.00 | | Feb 5, 2020 | GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. |
| CVE-2020-7977 | | | 0.00 | — | 0.00 | | Feb 5, 2020 | GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. |
| CVE-2020-7978 | | | 0.00 | — | 0.00 | | Feb 5, 2020 | GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. |
| CVE-2020-7979 | | | 0.00 | — | 0.00 | | Feb 5, 2020 | GitLab EE 8.9 and later through 12.7.2 has Insecure Permission |
| CVE-2020-8114 | | | 0.00 | — | 0.00 | | Feb 5, 2020 | GitLab EE 8.9 and later through 12.7.2 has Insecure Permission |
| CVE-2019-15578 | | | 0.00 | — | 0.00 | | Jan 28, 2020 | An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests. |
| CVE-2019-15579 | | | 0.00 | — | 0.00 | | Jan 28, 2020 | An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones. |
| CVE-2019-5466 | | | 0.00 | — | 0.00 | | Jan 28, 2020 | An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names. |
Page 19 of 21