VYPR

GitLab

by GitLab Inc.


CVEs (1,214)

  • CVE-2020-26411 | Med | Dec 11, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    A potential DoS vulnerability was discovered in all versions of GitLab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DoS if abused.

  • CVE-2020-26415 | Med | Dec 11, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.

  • CVE-2020-13349 | Med | Nov 17, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path left the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9, >=13.4, <13.4.5, >=13.5, …

  • CVE-2020-13335 | Med | Oct 7, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete their own account without deleting or transferring their group.

  • CVE-2020-13333 | Med | Oct 6, 2020
    risk 0.28 | cvss 4.3 | epss 0.02

    A potential DoS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage.

  • CVE-2020-13326 | Med | Sep 30, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for GitHub project import could be bypassed.

  • CVE-2020-13319 | Med | Sep 30, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. A permission check was missing for adding time spent on an issue.

  • CVE-2020-13313 | Med | Sep 14, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control.

  • CVE-2020-13311 | Med | Sep 14, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The Wiki was vulnerable to a parser attack that prevents anyone from accessing the Wiki functionality through the user interface.

  • CVE-2020-13287 | Med | Sep 14, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential epics attached to confidential issues.

  • CVE-2020-13265 | Med | Jun 19, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    A user email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows a user to bypass email verification.

  • CVE-2020-13266 | Med | Jun 9, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update the permissions of other users' deploy keys under certain conditions.

  • CVE-2019-13006 | Med | Mar 10, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 9.0 through 12.0.2. Users with access to issues, but not the repository, were able to view the number of related merge requests on an issue. It has Incorrect Access Control.

  • CVE-2019-13005 | Med | Mar 10, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab GraphQL service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect…

  • CVE-2019-13001 | Med | Mar 10, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass.

  • CVE-2019-12434 | Med | Mar 10, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure.

  • CVE-2019-12431 | Med | Mar 10, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control.

  • CVE-2019-15594 | Med | Feb 14, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.

  • CVE-2019-15592 | Med | Feb 14, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated with an issue via the activity timeline.

  • CVE-2019-5465 | Med | Jan 28, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, in which using the move issue feature could result in disclosure of the newly created issue ID.

Page 35 of 61