VYPR

GitLab

by GitLab Inc.

CVEs (1,214)

  • CVE-2020-10082 | Med | Mar 13, 2020
    risk 0.35 | cvss 5.3 | epss 0.01

    GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered.

  • CVE-2020-10080 | Med | Mar 13, 2020
    risk 0.35 | cvss 5.3 | epss 0.01

    GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group.

  • CVE-2020-10079 | Med | Mar 13, 2020
    risk 0.35 | cvss 5.3 | epss 0.01

    GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required.

  • CVE-2020-10535 | Med | Mar 12, 2020
    risk 0.35 | cvss 5.3 | epss 0.01

    GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address.

  • CVE-2019-12433 | Med | Mar 10, 2020
    risk 0.35 | cvss 5.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues.

  • CVE-2019-15582 | Med | Jan 28, 2020
    risk 0.35 | cvss 5.3 | epss 0.01

    An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.

  • CVE-2019-15581 | Med | Jan 28, 2020
    risk 0.35 | cvss 5.3 | epss 0.01

    An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.

  • CVE-2019-15579 | Med | Jan 28, 2020
    risk 0.35 | cvss 5.3 | epss 0.01

    An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones.

  • CVE-2019-20143 | Med | Jan 13, 2020
    risk 0.35 | cvss 5.3 | epss 0.01

    An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control.

  • CVE-2019-20148 | Med | Jan 13, 2020
    risk 0.35 | cvss 5.3 | epss 0.01

    An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control.

  • CVE-2019-20146 | Med | Jan 13, 2020
    risk 0.35 | cvss 5.3 | epss 0.01

    An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption.

  • CVE-2018-20496 | Med | Dec 30, 2019
    risk 0.35 | cvss 5.4 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.

  • CVE-2018-20490 | Med | Dec 30, 2019
    risk 0.35 | cvss 5.4 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.

  • CVE-2019-5487 | Med | Dec 18, 2019
    risk 0.35 | cvss 5.3 | epss 0.01

    An improper access control vulnerability exists in GitLab EE <v12.3.3, <v12.2.7, and <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits.

  • CVE-2019-18452 | Med | Nov 26, 2019
    risk 0.35 | cvss 5.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. It has Insecure Permissions.

  • CVE-2019-18459 | Med | Nov 26, 2019
    risk 0.35 | cvss 5.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4).

  • CVE-2019-15738 | Med | Sep 16, 2019
    risk 0.35 | cvss 5.3 | epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email.

  • CVE-2019-15731 | Med | Sep 16, 2019
    risk 0.35 | cvss 5.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so.

  • CVE-2019-15726 | Med | Sep 16, 2019
    risk 0.35 | cvss 5.3 | epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.

  • CVE-2019-15723 | Med | Sep 16, 2019
    risk 0.35 | cvss 5.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations.
