Filtered by vendor Gitlab
Total: 981 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-7978 | 1 Gitlab | 1 Gitlab | 2020-02-06 | 7.5 High |
GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. | ||||
CVE-2019-5468 | 1 Gitlab | 1 Gitlab | 2020-02-05 | 8.8 High |
A privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account. | ||||
CVE-2013-4582 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2020-02-04 | 6.5 Medium |
The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allow remote authenticated users to include information from local files into the metadata of a Git repository via the web interface. | ||||
CVE-2013-4583 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2020-02-03 | 8.8 High |
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. | ||||
CVE-2019-5464 | 1 Gitlab | 1 Gitlab | 2020-01-31 | 9.8 Critical |
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. | ||||
CVE-2019-5472 | 1 Gitlab | 1 Gitlab | 2020-01-31 | 7.5 High |
An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainers from deleting epic comments. | ||||
CVE-2019-15585 | 1 Gitlab | 1 Gitlab | 2020-01-29 | 9.8 Critical |
Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE): the GitLab SAML integration had a validation issue that permitted an attacker to take over another user's account. | ||||
CVE-2019-15578 | 1 Gitlab | 1 Gitlab | 2020-01-29 | 5.3 Medium |
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests. | ||||
CVE-2019-15581 | 1 Gitlab | 1 Gitlab | 2020-01-29 | 5.3 Medium |
An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules. | ||||
CVE-2019-15583 | 1 Gitlab | 1 Gitlab | 2020-01-29 | 7.5 High |
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API. | ||||
CVE-2019-15586 | 1 Gitlab | 1 Gitlab | 2020-01-28 | 6.1 Medium |
An XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. | ||||
CVE-2019-20143 | 1 Gitlab | 1 Gitlab | 2020-01-21 | 5.3 Medium |
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control. | ||||
CVE-2019-20146 | 1 Gitlab | 1 Gitlab | 2020-01-17 | 5.3 Medium |
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption. | ||||
CVE-2019-19628 | 1 Gitlab | 1 Gitlab | 2020-01-10 | 9.8 Critical |
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. | ||||
CVE-2019-19314 | 1 Gitlab | 1 Gitlab | 2020-01-10 | 7.5 High |
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext. | ||||
CVE-2018-20507 | 1 Gitlab | 1 Gitlab | 2020-01-09 | 5.3 Medium |
An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | ||||
CVE-2019-19311 | 1 Gitlab | 1 Gitlab | 2020-01-09 | 5.4 Medium |
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. | ||||
CVE-2019-19261 | 1 Gitlab | 1 Gitlab | 2020-01-09 | 8.8 High |
GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF. | ||||
CVE-2019-15584 | 1 Gitlab | 1 Gitlab | 2020-01-08 | 6.5 Medium |
A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields and take down the affected page. | ||||
CVE-2018-20489 | 1 Gitlab | 1 Gitlab | 2020-01-08 | 5.3 Medium |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. |