Total
1025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19310 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. | |||||
| CVE-2019-18463 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4). | |||||
| CVE-2020-7978 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. | |||||
| CVE-2019-18452 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. It has Insecure Permissions. | |||||
| CVE-2019-20146 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption. | |||||
| CVE-2018-20496 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. | |||||
| CVE-2019-19311 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. | |||||
| CVE-2019-12442 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics. | |||||
| CVE-2018-20499 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 6.4 MEDIUM | 7.2 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF. | |||||
| CVE-2020-5197 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 3.5 LOW | 4.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control. | |||||
| CVE-2019-18449 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2). | |||||
| CVE-2019-20142 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service. | |||||
| CVE-2019-18460 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control. | |||||
| CVE-2019-13011 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not it's repository could create a list of merge requests template names. It has excessive algorithmic complexity. | |||||
| CVE-2019-5465 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. | |||||
| CVE-2019-13007 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption. | |||||
| CVE-2019-18456 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration.. It has Insecure Permissions (issue 1 of 4). | |||||
| CVE-2019-12825 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo. | |||||
| CVE-2019-19255 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control. | |||||
| CVE-2020-8795 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. | |||||