Filtered by vendor Gitlab
Total: 981 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-15732 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.3 Medium |
An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions. | ||||
CVE-2019-18448 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 6.5 Medium |
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Incorrect Access Control. | ||||
CVE-2019-18462 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 Medium |
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions. | ||||
CVE-2020-10952 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 6.5 Medium |
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. | ||||
CVE-2019-19309 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 Medium |
GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control. | ||||
CVE-2019-19312 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.8 Medium |
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API. | ||||
CVE-2019-19313 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 7.5 High |
GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits. | ||||
CVE-2019-19629 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 7.5 High |
In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration. | ||||
CVE-2020-10088 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 8.1 High |
GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level. | ||||
CVE-2019-20147 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.3 Medium |
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control. | ||||
CVE-2019-20148 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.3 Medium |
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control. | ||||
CVE-2020-10085 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.3 Medium |
GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing private merge request titles. | ||||
CVE-2020-10084 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.3 Medium |
GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace. | ||||
CVE-2020-10081 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 6.5 Medium |
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user. | ||||
CVE-2020-10080 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.3 Medium |
GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group. | ||||
CVE-2020-10981 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 Medium |
GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project. | ||||
CVE-2019-9171 | 1 Gitlab | 1 Gitlab | 2021-07-21 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5). | ||||
CVE-2019-9172 | 1 Gitlab | 1 Gitlab | 2021-07-21 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 2 of 5). | ||||
CVE-2019-9178 | 1 Gitlab | 1 Gitlab | 2021-07-21 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 4 of 5). | ||||
CVE-2020-10075 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 6.1 Medium |
GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input. |