Filtered by vendor Gitlab
Total: 981 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-6832 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.3 Medium |
An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects. | ||||
CVE-2020-6833 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 7.5 High |
An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. | ||||
CVE-2020-13262 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 6.1 Medium |
Client-side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to send PUT requests on behalf of other users via clicking on a link. | ||||
CVE-2020-13261 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 2.7 Low |
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code | ||||
CVE-2020-7968 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 7.5 High |
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. | ||||
CVE-2020-7969 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 7.5 High |
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. | ||||
CVE-2020-12275 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.3 Medium |
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API. | ||||
CVE-2019-10112 | 1 Gitlab | 1 Gitlab | 2021-07-21 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived. | ||||
CVE-2020-7974 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.3 Medium |
GitLab EE 10.1 through 12.7.2 allows Information Disclosure. | ||||
CVE-2020-7976 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.3 Medium |
GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. | ||||
CVE-2019-11547 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 6.1 Medium |
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues. | ||||
CVE-2019-12429 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 6.5 Medium |
An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control. | ||||
CVE-2019-12430 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 8.8 High |
An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection. | ||||
CVE-2019-19258 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.3 Medium |
GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control. | ||||
CVE-2019-13002 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 Medium |
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control. | ||||
CVE-2020-8795 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 7.5 High |
In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. | ||||
CVE-2019-13006 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 Medium |
An issue was discovered in GitLab Community and Enterprise Edition 9.0 through 12.0.2. Users with access to issues, but not the repository, were able to view the number of related merge requests on an issue. It has Incorrect Access Control. | ||||
CVE-2020-10975 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 Medium |
GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. | ||||
CVE-2019-15726 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.3 Medium |
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server. | ||||
CVE-2019-15729 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 7.5 High |
An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request. |