Vulnerabilities (CVE)

Filtered by vendor Gitlab Subscribe
Total 1047 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8795 1 Gitlab 1 Gitlab 2024-02-28 5.0 MEDIUM 7.5 HIGH
In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users.
CVE-2018-20491 1 Gitlab 1 Gitlab 2024-02-28 3.5 LOW 5.4 MEDIUM
An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
CVE-2018-18643 1 Gitlab 1 Gitlab 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.
CVE-2019-10112 1 Gitlab 1 Gitlab 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.
CVE-2018-19585 1 Gitlab 1 Gitlab 2024-02-28 5.0 MEDIUM 7.5 HIGH
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
CVE-2018-19494 1 Gitlab 1 Gitlab 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names.
CVE-2019-6788 1 Gitlab 1 Gitlab 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services.
CVE-2019-9179 1 Gitlab 1 Gitlab 2024-02-28 4.3 MEDIUM 3.7 LOW
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5).
CVE-2018-19856 1 Gitlab 1 Gitlab 2024-02-28 5.0 MEDIUM 7.5 HIGH
GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API.
CVE-2019-15728 1 Gitlab 1 Gitlab 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server.
CVE-2019-10117 1 Gitlab 1 Gitlab 2024-02-28 5.8 MEDIUM 6.1 MEDIUM
An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node.
CVE-2019-11547 1 Gitlab 1 Gitlab 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues.
CVE-2019-6240 1 Gitlab 1 Gitlab 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.
CVE-2018-19572 1 Gitlab 1 Gitlab 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11.
CVE-2019-9732 1 Gitlab 1 Gitlab 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.
CVE-2019-6785 1 Gitlab 1 Gitlab 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service.
CVE-2019-6796 1 Gitlab 1 Gitlab 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS.
CVE-2018-19496 1 Gitlab 1 Gitlab 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone.
CVE-2019-6996 1 Gitlab 1 Gitlab 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups.
CVE-2019-10640 1 Gitlab 1 Gitlab 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.