GitLab
by GitLab Inc.
Source repositories
CVEs (1,214)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-10082 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 13, 2020 | GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered. |
| CVE-2020-10083 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 13, 2020 | GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied. |
| CVE-2020-10085 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 13, 2020 | GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing private merge request titles. |
| CVE-2020-10086 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 13, 2020 | GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read. |
| CVE-2020-10087 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 13, 2020 | GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user. |
| CVE-2020-10088 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 13, 2020 | GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level. |
| CVE-2020-10089 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 13, 2020 | GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request each other. |
| CVE-2020-10090 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 13, 2020 | GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed. |
| CVE-2020-10091 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 13, 2020 | GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types. |
| CVE-2020-10092 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 13, 2020 | GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration. |
| CVE-2020-10535 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 12, 2020 | GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address. |
| CVE-2019-13009 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 10, 2020 | An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control. |
| CVE-2019-13007 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 10, 2020 | An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it triggered an action that leads to resource depletion. It allows Uncontrolled Resource Consumption. |
| CVE-2019-13006 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 10, 2020 | An issue was discovered in GitLab Community and Enterprise Edition 9.0 through 12.0.2. Users with access to issues, but not the repository, were able to view the number of related merge requests on an issue. It has Incorrect Access Control. |
| CVE-2019-13005 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 10, 2020 | An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab GraphQL service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect… |
| CVE-2019-13003 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 10, 2020 | An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by GitLab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption. |
| CVE-2019-13001 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 10, 2020 | An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass. |
| CVE-2019-12446 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 10, 2020 | An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message. |
| CVE-2019-12444 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 10, 2020 | An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages lacked input validation, which resulted in a persistent XSS vulnerability. |
| CVE-2019-12441 | GitLab Inc. / GitLab | | 0.00 | — | 0.01 | | Mar 10, 2020 | An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained an access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control. |
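What a self-hosted operator wants from a listing like this is the subset of rows that actually cover the version they run. The Python below is an added example, not code from this page or from GitLab: it copies only the affected-version phrases from the descriptions above into a dictionary (the `AFFECTED_RANGES`, `parse_range` and `affected_cves` names are this example's own) and turns each phrase into a version predicate. It generalizes the three phrasings the table uses ("X through Y", "before Z", and "X.Y.x before Z"), and it treats an upper bound written at minor granularity, such as "through 11.11", as covering every 11.11.x patch release; that reading of NVD wording is an assumption of the example, not something the page states.

```python
import re
from typing import Callable, Dict, List, Tuple

Version = Tuple[int, ...]

# Affected-version phrases copied from the CVE descriptions in the table above.
# Only the range text is taken from the page; everything else here is example code.
AFFECTED_RANGES: Dict[str, str] = {
    "CVE-2020-10082": "12.2 through 12.8.1",
    "CVE-2020-10083": "12.7 through 12.8.1",
    "CVE-2020-10085": "12.3.5 through 12.8.1",
    "CVE-2020-10086": "10.4 through 12.8.1",
    "CVE-2020-10087": "before 12.8.2",
    "CVE-2020-10088": "12.5 through 12.8.1",
    "CVE-2020-10089": "8.11 through 12.8.1",
    "CVE-2020-10090": "11.7 through 12.8.1",
    "CVE-2020-10091": "9.3 through 12.8.1",
    "CVE-2020-10092": "12.1 through 12.8.1",
    "CVE-2020-10535": "12.8.x before 12.8.6",
    "CVE-2019-13009": "9.2 through 12.0.2",
    "CVE-2019-13007": "11.11 through 12.0.2",
    "CVE-2019-13006": "9.0 through 12.0.2",
    "CVE-2019-13005": "1.10 through 12.0.2",
    "CVE-2019-13003": "before 12.0.3",
    "CVE-2019-13001": "11.9 through 12.0.2",
    "CVE-2019-12446": "8.3 through 11.11",
    "CVE-2019-12444": "8.9 through 11.11",
    "CVE-2019-12441": "8.4 through 11.11",
}


def parse_version(text: str) -> Version:
    """'12.8.1' -> (12, 8, 1); tuples compare component-wise, which is what we need."""
    return tuple(int(part) for part in text.strip().split("."))


def _within_upper(v: Version, hi: Version) -> bool:
    # Compare only as many components as the bound spells out, so that
    # 'through 11.11' covers 11.11.3 while 'through 12.8.1' excludes 12.8.2.
    return v[: len(hi)] <= hi


def parse_range(phrase: str) -> Callable[[Version], bool]:
    """Turn one NVD-style range phrase into a predicate over parsed versions."""
    # "12.8.x before 12.8.6": one release series with an exclusive upper bound.
    m = re.fullmatch(r"(\d+(?:\.\d+)*)\.x before (\d+(?:\.\d+)*)", phrase)
    if m:
        series, hi = parse_version(m.group(1)), parse_version(m.group(2))
        return lambda v: v[: len(series)] == series and v < hi
    # "before 12.8.2": exclusive upper bound, no lower bound.
    m = re.fullmatch(r"before (\d+(?:\.\d+)*)", phrase)
    if m:
        hi = parse_version(m.group(1))
        return lambda v: v < hi
    # "10.4 through 12.8.1": inclusive lower and upper bounds.
    m = re.fullmatch(r"(\d+(?:\.\d+)*) through (\d+(?:\.\d+)*)", phrase)
    if m:
        lo, hi = parse_version(m.group(1)), parse_version(m.group(2))
        return lambda v: lo <= v and _within_upper(v, hi)
    # Anything else (e.g. "and later") is refused rather than silently ignored,
    # so an unparsed row can never be reported as "not affected".
    raise ValueError(f"unrecognised range phrase: {phrase!r}")


def affected_cves(installed: str, ranges: Dict[str, str] = AFFECTED_RANGES) -> List[str]:
    """CVE IDs from `ranges` whose affected-version phrase covers `installed`."""
    v = parse_version(installed)
    return sorted(cve for cve, phrase in ranges.items() if parse_range(phrase)(v))


if __name__ == "__main__":
    for ver in ("12.8.1", "12.8.3", "12.8.6"):
        print(ver, affected_cves(ver))
```

Run against 12.8.1 it returns all eleven CVE-2020 rows; 12.8.3 is left with only CVE-2020-10535, and 12.8.6 is clear of every row on this page. Version matching is a necessary first filter, not a verdict: CVE-2020-10535, for instance, only matters when sign-up is enabled, so each hit still needs the feature-level check the description implies.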
Page 54 of 61