GitLab » GitLab : Security Vulnerabilities (CVSS score between 4 and 4.99)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 151 | CVE-2019-19310 | 522 | | | 2020-01-03 | 2020-01-08 | 4.0 | None | Remote | Low | ??? | Partial | None | None | GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. |
| 152 | CVE-2019-19309 | 200 | | +Info | 2020-01-03 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control. |
| 153 | CVE-2019-19263 | 732 | | | 2020-01-03 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | None | Partial | None | GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions. |
| 154 | CVE-2019-19262 | 732 | | | 2020-01-03 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None | GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions. |
| 155 | CVE-2019-19259 | 639 | | | 2020-01-03 | 2020-01-06 | 4.0 | None | Remote | Low | ??? | None | Partial | None | GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR). |
| 156 | CVE-2019-19255 | | | | 2020-01-03 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None | GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control. |
| 157 | CVE-2019-19087 | 732 | | | 2020-01-03 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None | GitLab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2). |
| 158 | CVE-2019-19086 | 732 | | | 2020-01-03 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None | GitLab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). |
| 159 | CVE-2019-18463 | 732 | | | 2019-11-26 | 2019-12-03 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4). |
| 160 | CVE-2019-18462 | 269 | | | 2019-11-26 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions. |
| 161 | CVE-2019-18461 | 200 | | +Info | 2019-11-26 | 2019-12-03 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control. |
| 162 | CVE-2019-18458 | 281 | | | 2019-11-26 | 2019-11-27 | 4.0 | None | Remote | Low | ??? | None | Partial | None | An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4). |
| 163 | CVE-2019-18454 | 79 | | XSS | 2019-11-26 | 2019-11-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in the link validation for the RDoc wiki pages feature. It has XSS. |
| 164 | CVE-2019-18453 | 732 | | | 2019-11-26 | 2019-11-27 | 4.0 | None | Remote | Low | ??? | None | Partial | None | An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions. |
| 165 | CVE-2019-18450 | 732 | | | 2019-11-26 | 2019-11-27 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions. |
| 166 | CVE-2019-18449 | 732 | | | 2019-11-26 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2). |
| 167 | CVE-2019-18448 | 200 | | +Info | 2019-11-26 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Incorrect Access Control. |
| 168 | CVE-2019-18447 | 732 | | | 2019-11-26 | 2019-11-27 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions. |
| 169 | CVE-2019-15739 | 79 | | XSS | 2019-09-16 | 2019-09-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads. |
| 170 | CVE-2019-15734 | 200 | | +Info | 2019-09-16 | 2019-09-18 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these. |
| 171 | CVE-2019-15733 | 200 | | +Info | 2019-09-16 | 2019-12-17 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users. |
| 172 | CVE-2019-15724 | 79 | | XSS | 2019-09-16 | 2020-08-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection. |
| 173 | CVE-2019-15594 | | | | 2020-02-14 | 2021-09-14 | 4.0 | None | Remote | Low | ??? | Partial | None | None | GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. |
| 174 | CVE-2019-15593 | 770 | | DoS | 2019-11-22 | 2020-10-09 | 4.0 | None | Remote | Low | ??? | None | None | Partial | GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments. |
| 175 | CVE-2019-15592 | | | | 2020-02-14 | 2021-08-27 | 4.0 | None | Remote | Low | ??? | Partial | None | None | GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated with an issue via the activity timeline. |
| 176 | CVE-2019-15591 | | | | 2019-12-18 | 2020-10-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled. |
| 177 | CVE-2019-15586 | 79 | | XSS | 2020-01-28 | 2020-01-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An XSS exists in GitLab CE/EE < 12.1.10 in the Mermaid plugin. |
| 178 | CVE-2019-15584 | 400 | | DoS Bypass | 2019-12-20 | 2020-01-08 | 4.0 | None | Remote | Low | ??? | None | None | Partial | A denial of service exists in GitLab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields and take down the affected page. |
| 179 | CVE-2019-15580 | 200 | | +Info | 2019-12-18 | 2019-12-27 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature: it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted. |
| 180 | CVE-2019-15577 | 307 | | | 2019-12-18 | 2021-11-02 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing. |
| 181 | CVE-2019-13011 | 400 | | | 2020-03-10 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force, a user with access to a project, but not its repository, could create a list of merge request template names. It has excessive algorithmic complexity. |
| 182 | CVE-2019-13010 | | | | 2020-03-10 | 2020-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It allows Uncontrolled Resource Consumption. |
| 183 | CVE-2019-13009 | 400 | | | 2020-03-10 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | None | None | Partial | An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control. |
| 184 | CVE-2019-13007 | 400 | | | 2020-03-10 | 2020-03-10 | 4.0 | None | Remote | Low | ??? | None | None | Partial | An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it triggered an action that leads to resource depletion. It allows Uncontrolled Resource Consumption. |
| 185 | CVE-2019-13006 | 200 | | +Info | 2020-03-10 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition 9.0 through 12.0.2. Users with access to issues, but not the repository, were able to view the number of related merge requests on an issue. It has Incorrect Access Control. |
| 186 | CVE-2019-13005 | | | | 2020-03-10 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab GraphQL service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control. |
| 187 | CVE-2019-13002 | 200 | | +Info | 2020-03-10 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control. |
| 188 | CVE-2019-13001 | 863 | | Bypass | 2020-03-10 | 2020-03-10 | 4.0 | None | Remote | Low | ??? | None | Partial | None | An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass. |
| 189 | CVE-2019-12825 | 922 | | | 2020-02-17 | 2020-02-28 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo. |
| 190 | CVE-2019-12444 | 79 | | XSS | 2020-03-10 | 2020-03-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability. |
| 191 | CVE-2019-12442 | 79 | | XSS | 2020-03-10 | 2020-03-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding which resulted in a persistent XSS vulnerability on child epics. |
| 192 | CVE-2019-12434 | 330 | | | 2020-03-10 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure. |
| 193 | CVE-2019-12432 | 200 | | +Info | 2020-03-10 | 2020-03-10 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure. |
| 194 | CVE-2019-12431 | | | | 2020-03-10 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control. |
| 195 | CVE-2019-12429 | 269 | | | 2020-03-10 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control. |
| 196 | CVE-2019-11549 | 532 | | | 2019-09-09 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors. |
| 197 | CVE-2019-11547 | 79 | | XSS | 2019-09-09 | 2021-07-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues. |
| 198 | CVE-2019-11545 | 200 | | +Info | 2019-09-09 | 2019-09-10 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue. |
| 199 | CVE-2019-11544 | | | | 2019-09-09 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events. |
| 200 | CVE-2019-11000 | | | | 2019-05-10 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure. |
Total number of vulnerabilities: 258. Page 4 of 6.