GitLab

by GitLab Inc.

CVEs (1,214)

  • CVE-2020-5197 | Med | Jan 13, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.

  • CVE-2019-19260 | Med | Jan 3, 2020
    risk 0.28 | cvss 5.4 | epss 0.01

    GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2).

  • CVE-2018-20493 | Med | Dec 30, 2019
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

  • CVE-2019-18453 | Med | Nov 26, 2019
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions.

  • CVE-2019-18450 | Med | Nov 26, 2019
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions.

  • CVE-2019-18449 | Med | Nov 26, 2019
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2).

  • CVE-2019-18462 | Med | Nov 26, 2019
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions.

  • CVE-2019-18461 | Med | Nov 26, 2019
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control.

  • CVE-2019-15733 | Med | Sep 16, 2019
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users.

  • CVE-2019-6792 | Med | Sep 9, 2019
    risk 0.28 | cvss 5.3 | epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information.

  • CVE-2018-19494 | Med | Jul 10, 2019
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names.

  • CVE-2019-10116 | Med | May 16, 2019
    risk 0.28 | cvss 4.3 | epss 0.01

    An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.

  • CVE-2018-18645 | Med | Dec 4, 2018
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies.

  • CVE-2018-14605 | Med | Jul 27, 2018
    risk 0.28 | cvss 5.4 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.

  • CVE-2017-0920 | Med | Mar 22, 2018
    risk 0.28 | cvss 4.3 | epss 0.01

    GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab…

  • CVE-2023-2200 | Med | Jul 13, 2023
    risk 0.27 | cvss 4.1 | epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field.

  • CVE-2022-0738 | Med | Mar 28, 2022
    risk 0.27 | cvss 4.2 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific…

  • CVE-2021-22240 | Med | Aug 5, 2021
    risk 0.27 | cvss 4.2 | epss 0.01

    Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign-on despite the user cap being enabled.

  • CVE-2021-22183 | Med | Mar 4, 2021
    risk 0.27 | cvss 4.1 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions.

  • CVE-2020-13294 | Med | Aug 10, 2020
    risk 0.27 | cvss 4.2 | epss 0.01

    In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.
