VYPR

GitLab Community Edition

by GitLab Inc.

Source repositories

CVEs (109)

  • CVE-2019-18460HigNov 26, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.

  • CVE-2019-15730HigSep 16, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains a SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any…

  • CVE-2019-15728HigSep 16, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server.

  • CVE-2019-15725HigSep 16, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information.

  • CVE-2019-11605HigSep 9, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped…

  • CVE-2018-20229HigApr 4, 2019
    risk 0.49cvss 7.5epss 0.02

    GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal.

  • CVE-2018-18648HigDec 4, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message.

  • CVE-2017-0922HigMar 21, 2018
    risk 0.49cvss 7.5epss 0.01

    Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.

  • CVE-2017-0914HigMar 21, 2018
    risk 0.49cvss 7.5epss 0.01

    Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.

  • CVE-2018-20499HigDec 30, 2019
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.

  • CVE-2017-0925HigMar 21, 2018
    risk 0.47cvss 7.2epss 0.01

    Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.

  • CVE-2018-15472HigApr 15, 2023
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout.

  • CVE-2019-12429MedMar 10, 2020
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control.

  • CVE-2013-4582MedJan 28, 2020
    risk 0.42cvss 6.5epss 0.02

    The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to…

  • CVE-2019-15737MedSep 16, 2019
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management.

  • CVE-2019-6781HigMay 17, 2019
    risk 0.42cvss 7.5epss 0.01

    An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.

  • CVE-2019-10115MedMay 16, 2019
    risk 0.42cvss 6.5epss 0.01

    An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code…

  • CVE-2018-18647MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization.

  • CVE-2018-18644MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration.

  • CVE-2018-18640MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching.

Page 2 of 6