VYPR

GitLab Enterprise Edition

by GitLab Inc.

Source repositories

CVEs (80)

  • CVE-2019-19258MedJan 3, 2020
    risk 0.28cvss 5.3epss 0.01

    GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.

  • CVE-2019-19257MedJan 3, 2020
    risk 0.28cvss 5.3epss 0.01

    GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2).

  • CVE-2019-19256MedJan 3, 2020
    risk 0.28cvss 5.3epss 0.01

    GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control.

  • CVE-2019-19254MedJan 3, 2020
    risk 0.28cvss 5.3epss 0.01

    GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control.

  • CVE-2018-20488MedDec 30, 2019
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.

  • CVE-2019-18447MedNov 26, 2019
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions.

  • CVE-2019-18463MedNov 26, 2019
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4).

  • CVE-2019-15734MedSep 16, 2019
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these.

  • CVE-2019-6795MedSep 9, 2019
    risk 0.28cvss 5.4epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be…

  • CVE-2019-11544MedSep 9, 2019
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and…

  • CVE-2019-9219LowApr 17, 2019
    risk 0.24cvss 3.7epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5).

  • CVE-2019-19309MedJan 3, 2020
    risk 0.21cvss 4.3epss 0.01

    GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.

  • CVE-2019-19259MedJan 3, 2020
    risk 0.21cvss 4.3epss 0.01

    GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR).

  • CVE-2019-19255MedJan 3, 2020
    risk 0.21cvss 4.3epss 0.01

    GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control.

  • CVE-2019-19087MedJan 3, 2020
    risk 0.21cvss 4.3epss 0.01

    Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).

  • CVE-2019-19086MedJan 3, 2020
    risk 0.21cvss 4.3epss 0.01

    Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).

  • CVE-2019-6996MedSep 9, 2019
    risk 0.21cvss 4.3epss 0.01

    An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers…

  • CVE-2019-6794MedSep 9, 2019
    risk 0.21cvss 4.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch.

  • CVE-2014-3456May 13, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-4580May 12, 2014
    risk 0.00cvss epss 0.01

    GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.

Page 4 of 4