GitLab Community Edition
by GitLab Inc.
Source repositories
CVEs (109)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12605 | Med | 0.35 | 5.4 | 0.01 | Aug 3, 2018 | An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter. | ||
| CVE-2018-17453 | Med | 0.34 | 5.3 | 0.01 | Apr 15, 2023 | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception. | ||
| CVE-2018-20497 | Med | 0.33 | 5.0 | 0.01 | Dec 30, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF. | ||
| CVE-2019-6796 | Med | 0.33 | 6.1 | 0.01 | Apr 11, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS. | ||
| CVE-2019-13002 | Med | 0.28 | 4.3 | 0.01 | Mar 10, 2020 | An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control. | ||
| CVE-2019-12432 | Med | 0.28 | 4.3 | 0.01 | Mar 10, 2020 | An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure. | ||
| CVE-2019-20144 | Med | 0.28 | 4.3 | 0.01 | Jan 13, 2020 | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control. | ||
| CVE-2019-20142 | Med | 0.28 | 4.3 | 0.01 | Jan 13, 2020 | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service. | ||
| CVE-2019-19257 | Med | 0.28 | 5.3 | 0.01 | Jan 3, 2020 | GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2). | ||
| CVE-2019-19254 | Med | 0.28 | 5.3 | 0.01 | Jan 3, 2020 | GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control. | ||
| CVE-2018-20498 | Med | 0.28 | 4.3 | 0.01 | Dec 30, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | ||
| CVE-2018-20488 | Med | 0.28 | 4.3 | 0.01 | Dec 30, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. | ||
| CVE-2019-18447 | Med | 0.28 | 4.3 | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions. | ||
| CVE-2019-18446 | Med | 0.28 | 4.3 | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4. It has Insecure Permissions (issue 1 of 2). | ||
| CVE-2019-18463 | Med | 0.28 | 4.3 | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4). | ||
| CVE-2019-15734 | Med | 0.28 | 4.3 | 0.01 | Sep 16, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these. | ||
| CVE-2019-6795 | Med | 0.28 | 5.4 | 0.01 | Sep 9, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be… | ||
| CVE-2019-11545 | Med | 0.28 | 4.3 | 0.01 | Sep 9, 2019 | An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue. | ||
| CVE-2019-11544 | Med | 0.28 | 4.3 | 0.01 | Sep 9, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and… | ||
| CVE-2018-14606 | Med | 0.28 | 5.4 | 0.01 | Jul 27, 2018 | An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion. |
- risk 0.35cvss 5.4epss 0.01
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.
- risk 0.34cvss 5.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.
- risk 0.33cvss 5.0epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.
- risk 0.33cvss 6.1epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service.
- risk 0.28cvss 5.3epss 0.01
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2).
- risk 0.28cvss 5.3epss 0.01
GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4. It has Insecure Permissions (issue 1 of 2).
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4).
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these.
- risk 0.28cvss 5.4epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be…
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and…
- risk 0.28cvss 5.4epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.
Page 5 of 6