VYPR

GitLab Community Edition

by GitLab Inc.

Source repositories

CVEs (109)

  • CVE-2018-12605MedAug 3, 2018
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.

  • CVE-2018-17453MedApr 15, 2023
    risk 0.34cvss 5.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.

  • CVE-2018-20497MedDec 30, 2019
    risk 0.33cvss 5.0epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.

  • CVE-2019-6796MedApr 11, 2019
    risk 0.33cvss 6.1epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS.

  • CVE-2019-13002MedMar 10, 2020
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control.

  • CVE-2019-12432MedMar 10, 2020
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure.

  • CVE-2019-20144MedJan 13, 2020
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control.

  • CVE-2019-20142MedJan 13, 2020
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service.

  • CVE-2019-19257MedJan 3, 2020
    risk 0.28cvss 5.3epss 0.01

    GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2).

  • CVE-2019-19254MedJan 3, 2020
    risk 0.28cvss 5.3epss 0.01

    GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control.

  • CVE-2018-20498MedDec 30, 2019
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

  • CVE-2018-20488MedDec 30, 2019
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.

  • CVE-2019-18447MedNov 26, 2019
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions.

  • CVE-2019-18446MedNov 26, 2019
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4. It has Insecure Permissions (issue 1 of 2).

  • CVE-2019-18463MedNov 26, 2019
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4).

  • CVE-2019-15734MedSep 16, 2019
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these.

  • CVE-2019-6795MedSep 9, 2019
    risk 0.28cvss 5.4epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be…

  • CVE-2019-11545MedSep 9, 2019
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue.

  • CVE-2019-11544MedSep 9, 2019
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and…

  • CVE-2018-14606MedJul 27, 2018
    risk 0.28cvss 5.4epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.

Page 5 of 6