Vulnerabilities (CVE)

Filtered by vendor Gitlab Subscribe
Total 1001 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13293 1 Gitlab 1 Gitlab 2021-07-21 5.5 MEDIUM 7.1 HIGH
In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash.
CVE-2020-7976 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.
CVE-2020-5197 1 Gitlab 1 Gitlab 2021-07-21 3.5 LOW 4.3 MEDIUM
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.
CVE-2020-13261 1 Gitlab 1 Gitlab 2021-07-21 4.0 MEDIUM 2.7 LOW
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code
CVE-2020-13279 1 Gitlab 1 Gitlab-vscode-extension 2021-07-21 6.8 MEDIUM 8.6 HIGH
Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system
CVE-2019-10112 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.
CVE-2019-19258 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.
CVE-2020-10081 1 Gitlab 1 Gitlab 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.
CVE-2019-15732 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions.
CVE-2019-18462 1 Gitlab 1 Gitlab 2021-07-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions.
CVE-2020-13359 1 Gitlab 1 Gitlab 2021-07-21 5.5 MEDIUM 7.6 HIGH
The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
CVE-2019-9171 1 Gitlab 1 Gitlab 2021-07-21 4.3 MEDIUM 3.7 LOW
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5).
CVE-2020-26416 1 Gitlab 1 Gitlab 2021-07-21 2.1 LOW 4.4 MEDIUM
Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.
CVE-2020-13298 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 5.8 MEDIUM
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure.
CVE-2020-13281 1 Gitlab 1 Gitlab 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature
CVE-2020-13320 1 Gitlab 1 Gitlab 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard.
CVE-2019-18448 1 Gitlab 1 Gitlab 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Incorrect Access Control.
CVE-2019-15726 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.
CVE-2020-13268 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1
CVE-2020-15525 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.