Total
1199 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9219 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5). | |||||
| CVE-2019-7353 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects. | |||||
| CVE-2019-19086 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). | |||||
| CVE-2018-20500 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token. | |||||
| CVE-2018-19582 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user. | |||||
| CVE-2019-10115 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information. | |||||
| CVE-2019-10640 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption. | |||||
| CVE-2019-11544 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events. | |||||
| CVE-2019-6782 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed. | |||||
| CVE-2019-5883 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to. | |||||
| CVE-2019-19260 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.5 MEDIUM | 5.4 MEDIUM |
| GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2). | |||||
| CVE-2019-15737 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management. | |||||
| CVE-2019-6997 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting in 10.7) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. System notes contain an access control issue that permits a guest user to view merge request titles. | |||||
| CVE-2019-9485 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. | |||||
| CVE-2019-7176 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility. | |||||
| CVE-2019-16170 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.5 MEDIUM | 7.1 HIGH |
| An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. | |||||
| CVE-2019-6996 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups. | |||||
| CVE-2019-20145 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control. | |||||
| CVE-2019-9218 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5). | |||||
| CVE-2019-15736 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack. | |||||