GitLab
by GitLab Inc.
Source repositories
CVEs (1,214)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-12434 | | | 0.00 | — | 0.01 | | Mar 10, 2020 | An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure. |
| CVE-2019-12433 | | | 0.00 | — | 0.01 | | Mar 10, 2020 | An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues. |
| CVE-2019-12431 | | | 0.00 | — | 0.01 | | Mar 10, 2020 | An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control. |
| CVE-2019-12430 | | | 0.00 | — | 0.03 | | Mar 10, 2020 | An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection. |
| CVE-2019-12428 | | | 0.00 | — | 0.01 | | Mar 10, 2020 | An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization. |
| CVE-2020-8113 | | | 0.00 | — | 0.01 | | Mar 6, 2020 | GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. |
| CVE-2019-15594 | | | 0.00 | — | 0.01 | | Feb 14, 2020 | GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. |
| CVE-2019-15592 | | | 0.00 | — | 0.01 | | Feb 14, 2020 | GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline. |
| CVE-2020-7973 | | | 0.00 | — | 0.01 | | Feb 5, 2020 | GitLab through 12.7.2 allows XSS. |
| CVE-2013-4582 | | | 0.00 | — | 0.02 | | Jan 28, 2020 | The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allow remote authenticated users to… |
| CVE-2013-4583 | | | 0.00 | — | 0.02 | | Jan 28, 2020 | The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. |
| CVE-2019-5472 | | | 0.00 | — | 0.02 | | Jan 28, 2020 | An authorization issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainers from deleting epic comments. |
| CVE-2019-5470 | | | 0.00 | — | 0.02 | | Jan 28, 2020 | An information disclosure issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information. |
| CVE-2019-15579 | | | 0.00 | — | 0.01 | | Jan 28, 2020 | An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones. |
| CVE-2019-5468 | | | 0.00 | — | 0.02 | | Jan 28, 2020 | A privilege escalation issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account. |
| CVE-2019-15581 | | | 0.00 | — | 0.01 | | Jan 28, 2020 | An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules. |
| CVE-2019-15582 | | | 0.00 | — | 0.01 | | Jan 28, 2020 | An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment. |
| CVE-2019-15590 | | | 0.00 | — | 0.01 | | Jan 28, 2020 | An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by the Elasticsearch integration. |
| CVE-2019-5474 | | | 0.00 | — | 0.01 | | Jan 28, 2020 | An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions. |
| CVE-2019-5465 | | | 0.00 | — | 0.01 | | Jan 28, 2020 | An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature, which could result in disclosure of the newly created issue ID. |