VYPR

GitLab

by GitLab Inc.

CVEs (1,214)

  • CVE-2020-13268 · Jun 10, 2020
    risk 0.00 · cvss · epss 0.01

    A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1.

  • CVE-2020-13267 · Jun 10, 2020
    risk 0.00 · cvss · epss 0.02

    A Stored Cross-Site Scripting vulnerability allowed the execution of JavaScript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1.

  • CVE-2020-13271 · Jun 10, 2020
    risk 0.00 · cvss · epss 0.02

    A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary JavaScript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1.

  • CVE-2020-13266 · Jun 9, 2020
    risk 0.00 · cvss · epss 0.01

    Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions.

  • CVE-2020-12275 · Apr 29, 2020
    risk 0.00 · cvss · epss 0.01

    GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.

  • CVE-2020-12276 · Apr 29, 2020
    risk 0.00 · cvss · epss 0.01

    GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.

  • CVE-2020-12277 · Apr 29, 2020
    risk 0.00 · cvss · epss 0.01

    GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated.

  • CVE-2020-11506 · Apr 22, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling.

  • CVE-2020-11505 · Apr 22, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.

  • CVE-2020-10952 · Mar 27, 2020
    risk 0.00 · cvss · epss 0.01

    GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.

  • CVE-2020-10954 · Mar 27, 2020
    risk 0.00 · cvss · epss 0.01

    GitLab through 12.9 is affected by a potential DoS in repository archive download.

  • CVE-2020-10955 · Mar 27, 2020
    risk 0.00 · cvss · epss 0.01

    GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.

  • CVE-2020-10956 · Mar 27, 2020
    risk 0.00 · cvss · epss 0.01

    GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.

  • CVE-2020-10074 · Mar 13, 2020
    risk 0.00 · cvss · epss 0.01

    GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link.

  • CVE-2020-10075 · Mar 13, 2020
    risk 0.00 · cvss · epss 0.01

    GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.

  • CVE-2020-10076 · Mar 13, 2020
    risk 0.00 · cvss · epss 0.01

    GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.

  • CVE-2020-10078 · Mar 13, 2020
    risk 0.00 · cvss · epss 0.01

    GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability.

  • CVE-2020-10079 · Mar 13, 2020
    risk 0.00 · cvss · epss 0.01

    GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required.

  • CVE-2020-10080 · Mar 13, 2020
    risk 0.00 · cvss · epss 0.01

    GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group.

  • CVE-2020-10081 · Mar 13, 2020
    risk 0.00 · cvss · epss 0.01

    GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.
