Vulnerabilities (CVE)

Filtered by vendor Gitlab Subscribe
Total 1001 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13287 1 Gitlab 1 Gitlab 2020-09-16 4.0 MEDIUM 4.3 MEDIUM
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues
CVE-2020-13317 1 Gitlab 1 Gitlab 2020-09-16 4.0 MEDIUM 4.9 MEDIUM
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository.
CVE-2020-13313 1 Gitlab 1 Gitlab 2020-09-16 4.0 MEDIUM 4.3 MEDIUM
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control.
CVE-2020-13284 1 Gitlab 1 Gitlab 2020-09-16 5.5 MEDIUM 6.5 MEDIUM
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token
CVE-2020-13314 1 Gitlab 1 Gitlab 2020-09-16 5.0 MEDIUM 5.3 MEDIUM
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages.
CVE-2019-15724 1 Gitlab 1 Gitlab 2020-08-24 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection.
CVE-2019-11544 1 Gitlab 1 Gitlab 2020-08-24 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events.
CVE-2019-6785 1 Gitlab 1 Gitlab 2020-08-24 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service.
CVE-2019-5462 1 Gitlab 1 Gitlab 2020-08-24 6.8 MEDIUM 8.8 HIGH
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.
CVE-2019-6795 1 Gitlab 1 Gitlab 2020-08-24 5.8 MEDIUM 5.4 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be used for social engineering.
CVE-2019-6960 1 Gitlab 1 Gitlab 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled.
CVE-2019-7549 1 Gitlab 1 Gitlab 2020-08-24 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines feature is vulnerable to authorization issues that allow unauthorized users to view job information.
CVE-2019-9222 1 Gitlab 1 Gitlab 2020-08-24 5.5 MEDIUM 8.1 HIGH
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
CVE-2019-6786 1 Gitlab 1 Gitlab 2020-08-24 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are known.
CVE-2019-11549 1 Gitlab 1 Gitlab 2020-08-24 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors.
CVE-2019-15737 1 Gitlab 1 Gitlab 2020-08-24 6.4 MEDIUM 6.5 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management.
CVE-2019-19087 1 Gitlab 1 Gitlab 2020-08-24 4.0 MEDIUM 4.3 MEDIUM
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).
CVE-2019-10110 1 Gitlab 1 Gitlab 2020-08-24 4.0 MEDIUM 6.5 MEDIUM
An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on any GitLab instance on which they hold credentials.
CVE-2019-9756 1 Gitlab 1 Gitlab 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732.
CVE-2019-9170 1 Gitlab 1 Gitlab 2020-08-24 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.