Total
988 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9171 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5). | |||||
| CVE-2020-26416 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2. | |||||
| CVE-2020-13298 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure. | |||||
| CVE-2020-13281 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature | |||||
| CVE-2020-13320 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard. | |||||
| CVE-2019-18448 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Incorrect Access Control. | |||||
| CVE-2019-15726 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server. | |||||
| CVE-2020-13268 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1 | |||||
| CVE-2020-15525 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. | |||||
| CVE-2020-26415 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2. | |||||
| CVE-2019-12429 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control. | |||||
| CVE-2020-13341 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions. | |||||
| CVE-2020-13335 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group. | |||||
| CVE-2019-20147 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control. | |||||
| CVE-2019-19257 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2). | |||||
| CVE-2020-13311 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface. | |||||
| CVE-2020-10085 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles. | |||||
| CVE-2020-13275 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.5 MEDIUM | 8.1 HIGH |
| A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | |||||
| CVE-2019-9223 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure. | |||||
| CVE-2020-8795 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. | |||||