VYPR

GitLab Enterprise Edition

by GitLab Inc.

Source repositories

CVEs (80)

  • CVE-2017-0922HigMar 21, 2018
    risk 0.49cvss 7.5epss 0.01

    Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.

  • CVE-2017-0925HigMar 21, 2018
    risk 0.47cvss 7.2epss 0.01

    Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.

  • CVE-2018-15472HigApr 15, 2023
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout.

  • CVE-2019-12429MedMar 10, 2020
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control.

  • CVE-2013-4582MedJan 28, 2020
    risk 0.42cvss 6.5epss 0.02

    The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to…

  • CVE-2019-6797HigMay 17, 2019
    risk 0.42cvss 7.5epss 0.02

    An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI.

  • CVE-2019-10115MedMay 16, 2019
    risk 0.42cvss 6.5epss 0.01

    An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code…

  • CVE-2019-11000MedMay 10, 2019
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure.

  • CVE-2018-18644MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration.

  • CVE-2018-18640MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching.

  • CVE-2017-11437MedAug 2, 2017
    risk 0.42cvss 6.5epss 0.01

    GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.

  • CVE-2017-11438MedAug 2, 2017
    risk 0.41cvss 6.3epss 0.01

    GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.

  • CVE-2019-18451MedNov 26, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 10.7.4 through 12.4 in the InternalRedirect filtering feature. It has an Open Redirect.

  • CVE-2019-15739MedSep 16, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.

  • CVE-2019-10117MedMay 16, 2019
    risk 0.40cvss 6.1epss 0.01

    An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node.

  • CVE-2018-16050MedOct 3, 2018
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View.

  • CVE-2018-9243MedApr 5, 2018
    risk 0.40cvss 6.1epss 0.01

    GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and…

  • CVE-2019-16170HigSep 16, 2019
    risk 0.39cvss 7.1epss 0.01

    An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control.

  • CVE-2019-6793HigSep 9, 2019
    risk 0.39cvss 7.0epss 0.04

    An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.

  • CVE-2019-13010MedMar 10, 2020
    risk 0.38cvss 5.9epss 0.01

    An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It allows Uncontrolled Resource Consumption.