Filtered by vendor Gitlab
Total: 1001 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13293 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.5 MEDIUM | 7.1 HIGH |
In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. | |||||
CVE-2020-7976 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. | |||||
CVE-2020-5197 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 3.5 LOW | 4.3 MEDIUM |
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control. | |||||
CVE-2020-13261 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 2.7 LOW |
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code | |||||
CVE-2020-13279 | 1 Gitlab | 1 Gitlab-vscode-extension | 2021-07-21 | 6.8 MEDIUM | 8.6 HIGH |
Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system | |||||
CVE-2019-10112 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived. | |||||
CVE-2019-19258 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control. | |||||
CVE-2020-10081 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user. | |||||
CVE-2019-15732 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions. | |||||
CVE-2019-18462 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions. | |||||
CVE-2020-13359 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.5 MEDIUM | 7.6 HIGH |
The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2. | |||||
CVE-2019-9171 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 MEDIUM | 3.7 LOW |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5). | |||||
CVE-2020-26416 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2. | |||||
CVE-2020-13298 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.8 MEDIUM |
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure. | |||||
CVE-2020-13281 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature | |||||
CVE-2020-13320 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard. | |||||
CVE-2019-18448 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Incorrect Access Control. | |||||
CVE-2019-15726 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server. | |||||
CVE-2020-13268 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1 | |||||
CVE-2020-15525 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. |