GitLab
by GitLab Inc.
Source repositories
CVEs (1,214)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2019-18454 | 0.00 | — | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for the RDoc wiki pages feature. It has XSS. |
| CVE-2019-18455 | 0.00 | — | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building nested GraphQL queries. It has a large or infinite loop. |
| CVE-2019-18457 | 0.00 | — | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling security tokens. It has Insecure Permissions. |
| CVE-2019-18459 | 0.00 | — | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4). |
| CVE-2019-18461 | 0.00 | — | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control. |
| CVE-2019-18462 | 0.00 | — | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions. |
| CVE-2019-15593 | 0.00 | — | 0.02 | Nov 22, 2019 | GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments. |
| CVE-2019-15729 | 0.00 | — | 0.02 | Sep 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request. |
| CVE-2019-15738 | 0.00 | — | 0.02 | Sep 16, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email. |
| CVE-2019-15736 | 0.00 | — | 0.02 | Sep 16, 2019 | An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack. |
| CVE-2019-15733 | 0.00 | — | 0.01 | Sep 16, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users. |
| CVE-2019-15731 | 0.00 | — | 0.01 | Sep 16, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so. |
| CVE-2019-15726 | 0.00 | — | 0.02 | Sep 16, 2019 | An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in Markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server. |
| CVE-2019-15723 | 0.00 | — | 0.01 | Sep 16, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations. |
| CVE-2019-15722 | 0.00 | — | 0.02 | Sep 16, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. |
| CVE-2019-15721 | 0.00 | — | 0.01 | Sep 16, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings. |
| CVE-2019-7176 | 0.00 | — | 0.01 | Sep 9, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they… |
| CVE-2019-6995 | 0.00 | — | 0.01 | Sep 9, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues. |
| CVE-2019-6960 | 0.00 | — | 0.02 | Sep 9, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled. |
| CVE-2019-6792 | 0.00 | — | 0.02 | Sep 9, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information. |
Page 57 of 61