VYPR

GitLab Enterprise Edition

by GitLab Inc.

Source repositories

CVEs (80)

  • CVE-2019-12445MedMar 10, 2020
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS.

  • CVE-2019-15578MedJan 28, 2020
    risk 0.35cvss 5.3epss 0.01

    An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests.

  • CVE-2020-6832MedJan 13, 2020
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.

  • CVE-2019-20147MedJan 13, 2020
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control.

  • CVE-2018-20507MedDec 30, 2019
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

  • CVE-2018-20491MedDec 30, 2019
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.

  • CVE-2019-11548MedSep 9, 2019
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint.

  • CVE-2019-6787MedMay 17, 2019
    risk 0.35cvss 6.5epss 0.01

    An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other project users.

  • CVE-2019-9224MedApr 17, 2019
    risk 0.35cvss 5.3epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5).

  • CVE-2018-12607MedAug 3, 2018
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.

  • CVE-2018-12605MedAug 3, 2018
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.

  • CVE-2018-17453MedApr 15, 2023
    risk 0.34cvss 5.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.

  • CVE-2019-6796MedApr 11, 2019
    risk 0.33cvss 6.1epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS.

  • CVE-2019-19310MedJan 3, 2020
    risk 0.32cvss 4.9epss 0.01

    GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.

  • CVE-2019-13011MedMar 10, 2020
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not it's repository could create a list of merge requests template names. It has excessive algorithmic complexity.

  • CVE-2019-12825MedFeb 17, 2020
    risk 0.28cvss 4.3epss 0.01

    Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not…

  • CVE-2019-20144MedJan 13, 2020
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control.

  • CVE-2019-20142MedJan 13, 2020
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service.

  • CVE-2019-19263MedJan 3, 2020
    risk 0.28cvss 4.3epss 0.01

    GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions.

  • CVE-2019-19262MedJan 3, 2020
    risk 0.28cvss 4.3epss 0.01

    GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions.