VYPR

Vendor CVEs

GitLab Inc.

All CVEs

1,397 total · sorted by risk
  • CVE-2019-11545Sep 9, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue.

  • CVE-2019-11544Sep 9, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and…

  • CVE-2019-11605Sep 9, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped…

  • CVE-2019-5473Sep 9, 2019
    risk 0.00cvss epss 0.02

    An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.

  • CVE-2019-5471Sep 9, 2019
    risk 0.00cvss epss 0.01

    An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.

  • CVE-2019-5467Sep 9, 2019
    risk 0.00cvss epss 0.01

    An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.

  • CVE-2019-5463Sep 9, 2019
    risk 0.00cvss epss 0.02

    An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.

  • CVE-2019-5461Sep 9, 2019
    risk 0.00cvss epss 0.01

    An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.

  • CVE-2019-14943Aug 29, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials.

  • CVE-2018-19578Jul 10, 2019
    risk 0.00cvss epss 0.01

    GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page.

  • CVE-2018-19579Jul 10, 2019
    risk 0.00cvss epss 0.01

    GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1.

  • CVE-2018-19584Jul 10, 2019
    risk 0.00cvss epss 0.02

    GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups.

  • CVE-2018-19581Jul 10, 2019
    risk 0.00cvss epss 0.01

    GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create.

  • CVE-2018-19582Jul 10, 2019
    risk 0.00cvss epss 0.01

    GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user.

  • CVE-2018-19583Jul 10, 2019
    risk 0.00cvss epss 0.02

    GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token.

  • CVE-2018-19580Jul 10, 2019
    risk 0.00cvss epss 0.01

    All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made.

  • CVE-2018-19574Jul 10, 2019
    risk 0.00cvss epss 0.01

    GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page.

  • CVE-2018-19569Jul 10, 2019
    risk 0.00cvss epss 0.02

    GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.

  • CVE-2018-19575Jul 10, 2019
    risk 0.00cvss epss 0.01

    GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue.

  • CVE-2018-19576Jul 10, 2019
    risk 0.00cvss epss 0.01

    GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential.

  • CVE-2018-19572Jul 10, 2019
    risk 0.00cvss epss 0.01

    GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11.

  • CVE-2018-19570Jul 10, 2019
    risk 0.00cvss epss 0.01

    GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags.

  • CVE-2018-19573Jul 10, 2019
    risk 0.00cvss epss 0.01

    GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.

  • CVE-2018-19577Jul 10, 2019
    risk 0.00cvss epss 0.02

    Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue.

  • CVE-2018-19496Jul 10, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to…

  • CVE-2018-19495Jul 10, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration.

  • CVE-2018-19494Jul 10, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names.

  • CVE-2018-19493Jul 10, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding.

  • CVE-2019-9866May 29, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure.

  • CVE-2019-9732May 29, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.

  • CVE-2019-9485May 29, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.

  • CVE-2019-9221May 29, 2019
    risk 0.00cvss epss 0.00

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5).

  • CVE-2019-9218May 29, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5).

  • CVE-2019-7549May 29, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines feature is vulnerable to authorization issues that allow unauthorized users to…

  • CVE-2019-7353May 17, 2019
    risk 0.00cvss epss 0.02

    An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects.

  • CVE-2019-6797May 17, 2019
    risk 0.00cvss epss 0.02

    An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI.

  • CVE-2019-6790May 17, 2019
    risk 0.00cvss epss 0.01

    An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge requests.

  • CVE-2019-6787May 17, 2019
    risk 0.00cvss epss 0.01

    An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other project users.

  • CVE-2019-6781May 17, 2019
    risk 0.00cvss epss 0.01

    An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.

  • CVE-2019-5883May 17, 2019
    risk 0.00cvss epss 0.01

    An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to.

  • CVE-2018-20500May 17, 2019
    risk 0.00cvss epss 0.01

    An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of…

  • CVE-2018-19585May 17, 2019
    risk 0.00cvss epss 0.15

    GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.

  • CVE-2019-10112May 16, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.

  • CVE-2019-10117May 16, 2019
    risk 0.00cvss epss 0.01

    An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node.

  • CVE-2019-10116May 16, 2019
    risk 0.00cvss epss 0.01

    An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.

  • CVE-2019-10115May 16, 2019
    risk 0.00cvss epss 0.01

    An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code…

  • CVE-2019-10114May 16, 2019
    risk 0.00cvss epss 0.02

    An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication process, the application attempts to validate a parameter in an insecure way,…

  • CVE-2019-10113May 16, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects//languages requests may allow Uncontrolled Resource Consumption.

  • CVE-2019-10111May 15, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page.

  • CVE-2019-10110May 15, 2019
    risk 0.00cvss epss 0.01

    An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on any GitLab instance on which…

Page 27 of 28