VYPR

GitLab

by GitLab Inc.

CVEs (1,214)

  • CVE-2019-18454 - Nov 26, 2019
    risk 0.00 cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. It has XSS.

  • CVE-2019-18455 - Nov 26, 2019
    risk 0.00 cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop.

  • CVE-2019-18457 - Nov 26, 2019
    risk 0.00 cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens. It has Insecure Permissions.

  • CVE-2019-18459 - Nov 26, 2019
    risk 0.00 cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4).

  • CVE-2019-18461 - Nov 26, 2019
    risk 0.00 cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control.

  • CVE-2019-18462 - Nov 26, 2019
    risk 0.00 cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions.

  • CVE-2019-15593 - Nov 22, 2019
    risk 0.00 cvss epss 0.02

    GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.

  • CVE-2019-15729 - Sep 17, 2019
    risk 0.00 cvss epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request.

  • CVE-2019-15738 - Sep 16, 2019
    risk 0.00 cvss epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email.

  • CVE-2019-15736 - Sep 16, 2019
    risk 0.00 cvss epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack.

  • CVE-2019-15733 - Sep 16, 2019
    risk 0.00 cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users.

  • CVE-2019-15731 - Sep 16, 2019
    risk 0.00 cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so.

  • CVE-2019-15726 - Sep 16, 2019
    risk 0.00 cvss epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.

  • CVE-2019-15723 - Sep 16, 2019
    risk 0.00 cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations.

  • CVE-2019-15722 - Sep 16, 2019
    risk 0.00 cvss epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources.

  • CVE-2019-15721 - Sep 16, 2019
    risk 0.00 cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.

  • CVE-2019-7176 - Sep 9, 2019
    risk 0.00 cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they…

  • CVE-2019-6995 - Sep 9, 2019
    risk 0.00 cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues.

  • CVE-2019-6960 - Sep 9, 2019
    risk 0.00 cvss epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled.

  • CVE-2019-6792 - Sep 9, 2019
    risk 0.00 cvss epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information.
