VYPR

GitLab Community Edition

by GitLab Inc.

Source repositories

CVEs (109)

  • CVE-2018-17454MedApr 15, 2023
    risk 0.35cvss 5.4epss 0.00

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen.

  • CVE-2019-13004MedMar 10, 2020
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. When specific encoded characters were added to comments, the comments section would become inaccessible. It has Incorrect Access Control (issue 1 of 2).

  • CVE-2019-12445MedMar 10, 2020
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS.

  • CVE-2019-15578MedJan 28, 2020
    risk 0.35cvss 5.3epss 0.01

    An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests.

  • CVE-2019-20147MedJan 13, 2020
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control.

  • CVE-2018-20495MedDec 30, 2019
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.

  • CVE-2018-20489MedDec 30, 2019
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

  • CVE-2019-18456MedNov 26, 2019
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration.. It has Insecure Permissions (issue 1 of 4).

  • CVE-2019-15740MedSep 16, 2019
    risk 0.35cvss 5.3epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads.

  • CVE-2019-15732MedSep 16, 2019
    risk 0.35cvss 5.3epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions.

  • CVE-2019-15727MedSep 16, 2019
    risk 0.35cvss 5.3epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users.

  • CVE-2019-6791MedSep 9, 2019
    risk 0.35cvss 6.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its…

  • CVE-2019-11548MedSep 9, 2019
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint.

  • CVE-2019-11546MedSep 9, 2019
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to…

  • CVE-2018-19580MedJul 10, 2019
    risk 0.35cvss 5.3epss 0.01

    All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made.

  • CVE-2019-6787MedMay 17, 2019
    risk 0.35cvss 6.5epss 0.01

    An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other project users.

  • CVE-2019-9225MedApr 17, 2019
    risk 0.35cvss 5.3epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5).

  • CVE-2019-9224MedApr 17, 2019
    risk 0.35cvss 5.3epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5).

  • CVE-2018-17975MedDec 4, 2018
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API.

  • CVE-2018-12607MedAug 3, 2018
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.

Page 4 of 6