GitLab
by GitLab Inc.
Source repositories
CVEs (1,214)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-5197 | Med | 0.28 | 4.3 | 0.01 | Jan 13, 2020 | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control. | ||
| CVE-2019-19260 | Med | 0.28 | 5.4 | 0.01 | Jan 3, 2020 | GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2). | ||
| CVE-2018-20493 | Med | 0.28 | 4.3 | 0.01 | Dec 30, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | ||
| CVE-2019-18453 | Med | 0.28 | 4.3 | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions. | ||
| CVE-2019-18450 | Med | 0.28 | 4.3 | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions. | ||
| CVE-2019-18449 | Med | 0.28 | 4.3 | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2). | ||
| CVE-2019-18462 | Med | 0.28 | 4.3 | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions. | ||
| CVE-2019-18461 | Med | 0.28 | 4.3 | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control. | ||
| CVE-2019-15733 | Med | 0.28 | 4.3 | 0.01 | Sep 16, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users. | ||
| CVE-2019-6792 | Med | 0.28 | 5.3 | 0.02 | Sep 9, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information. | ||
| CVE-2018-19494 | Med | 0.28 | 4.3 | 0.01 | Jul 10, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names. | ||
| CVE-2019-10116 | Med | 0.28 | 4.3 | 0.01 | May 16, 2019 | An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue. | ||
| CVE-2018-18645 | Med | 0.28 | 4.3 | 0.01 | Dec 4, 2018 | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies. | ||
| CVE-2018-14605 | Med | 0.28 | 5.4 | 0.01 | Jul 27, 2018 | An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit. | ||
| CVE-2017-0920 | Med | 0.28 | 4.3 | 0.01 | Mar 22, 2018 | GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab… | ||
| CVE-2023-2200 | Med | 0.27 | 4.1 | 0.00 | Jul 13, 2023 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field. | ||
| CVE-2022-0738 | Med | 0.27 | 4.2 | 0.01 | Mar 28, 2022 | An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific… | ||
| CVE-2021-22240 | Med | 0.27 | 4.2 | 0.01 | Aug 5, 2021 | Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled | ||
| CVE-2021-22183 | Med | 0.27 | 4.1 | 0.01 | Mar 4, 2021 | An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions. | ||
| CVE-2020-13294 | Med | 0.27 | 4.2 | 0.01 | Aug 10, 2020 | In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. |
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.
- risk 0.28cvss 5.4epss 0.01
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2).
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2).
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users.
- risk 0.28cvss 5.3epss 0.02
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names.
- risk 0.28cvss 4.3epss 0.01
An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies.
- risk 0.28cvss 5.4epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.
- risk 0.28cvss 4.3epss 0.01
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab…
- risk 0.27cvss 4.1epss 0.00
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field.
- risk 0.27cvss 4.2epss 0.01
An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific…
- risk 0.27cvss 4.2epss 0.01
Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled
- risk 0.27cvss 4.1epss 0.01
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions.
- risk 0.27cvss 4.2epss 0.01
In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.
Page 36 of 61