GitLab Enterprise Edition
by GitLab Inc.
Source repositories
CVEs (80)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-19258 | Med | 0.28 | 5.3 | 0.01 | Jan 3, 2020 | GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control. | ||
| CVE-2019-19257 | Med | 0.28 | 5.3 | 0.01 | Jan 3, 2020 | GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2). | ||
| CVE-2019-19256 | Med | 0.28 | 5.3 | 0.01 | Jan 3, 2020 | GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control. | ||
| CVE-2019-19254 | Med | 0.28 | 5.3 | 0.01 | Jan 3, 2020 | GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control. | ||
| CVE-2018-20488 | Med | 0.28 | 4.3 | 0.01 | Dec 30, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. | ||
| CVE-2019-18447 | Med | 0.28 | 4.3 | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions. | ||
| CVE-2019-18463 | Med | 0.28 | 4.3 | 0.01 | Nov 26, 2019 | An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4). | ||
| CVE-2019-15734 | Med | 0.28 | 4.3 | 0.01 | Sep 16, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these. | ||
| CVE-2019-6795 | Med | 0.28 | 5.4 | 0.01 | Sep 9, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be… | ||
| CVE-2019-11544 | Med | 0.28 | 4.3 | 0.01 | Sep 9, 2019 | An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and… | ||
| CVE-2019-9219 | Low | 0.24 | 3.7 | 0.01 | Apr 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5). | ||
| CVE-2019-19309 | Med | 0.21 | 4.3 | 0.01 | Jan 3, 2020 | GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control. | ||
| CVE-2019-19259 | Med | 0.21 | 4.3 | 0.01 | Jan 3, 2020 | GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR). | ||
| CVE-2019-19255 | Med | 0.21 | 4.3 | 0.01 | Jan 3, 2020 | GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control. | ||
| CVE-2019-19087 | Med | 0.21 | 4.3 | 0.01 | Jan 3, 2020 | Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2). | ||
| CVE-2019-19086 | Med | 0.21 | 4.3 | 0.01 | Jan 3, 2020 | Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). | ||
| CVE-2019-6996 | Med | 0.21 | 4.3 | 0.01 | Sep 9, 2019 | An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers… | ||
| CVE-2019-6794 | Med | 0.21 | 4.3 | 0.01 | Sep 9, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch. | ||
| CVE-2014-3456 | 0.00 | — | 0.01 | May 13, 2014 | Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-4580 | 0.00 | — | 0.01 | May 12, 2014 | GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls. |
- risk 0.28cvss 5.3epss 0.01
GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.
- risk 0.28cvss 5.3epss 0.01
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2).
- risk 0.28cvss 5.3epss 0.01
GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control.
- risk 0.28cvss 5.3epss 0.01
GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4).
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these.
- risk 0.28cvss 5.4epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be…
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and…
- risk 0.24cvss 3.7epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5).
- risk 0.21cvss 4.3epss 0.01
GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.
- risk 0.21cvss 4.3epss 0.01
GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR).
- risk 0.21cvss 4.3epss 0.01
GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control.
- risk 0.21cvss 4.3epss 0.01
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).
- risk 0.21cvss 4.3epss 0.01
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).
- risk 0.21cvss 4.3epss 0.01
An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers…
- risk 0.21cvss 4.3epss 0.01
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch.
- CVE-2014-3456May 13, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-4580May 12, 2014risk 0.00cvss —epss 0.01
GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.
Page 4 of 4