CVEdetails.com the ultimate security vulnerability data source

Gitlab » Gitlab : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
301 CVE-2020-10087 200 +Info 2020-03-13 2020-03-17
5.0
None Remote Low Not required Partial None None
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.
302 CVE-2020-10086 22 Dir. Trav. 2020-03-13 2020-03-17
5.0
None Remote Low Not required Partial None None
GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read.
303 CVE-2020-10085 200 +Info 2020-03-13 2021-07-21
5.0
None Remote Low Not required Partial None None
GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles.
304 CVE-2020-10084 200 +Info 2020-03-13 2021-07-21
5.0
None Remote Low Not required Partial None None
GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace
305 CVE-2020-10083 281 2020-03-13 2020-03-17
6.4
None Remote Low Not required Partial Partial None
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.
306 CVE-2020-10082 DoS 2020-03-13 2020-03-17
5.0
None Remote Low Not required None None Partial
GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered.
307 CVE-2020-10081 863 2020-03-13 2021-07-21
4.0
None Remote Low ??? Partial None None
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.
308 CVE-2020-10080 200 +Info 2020-03-13 2021-07-21
5.0
None Remote Low Not required Partial None None
GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group.
309 CVE-2020-10079 306 2020-03-13 2020-03-18
5.0
None Remote Low Not required None Partial None
GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required.
310 CVE-2020-10078 79 XSS 2020-03-13 2020-03-17
4.3
None Remote Medium Not required None Partial None
GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability.
311 CVE-2020-10077 918 2020-03-13 2020-03-18
7.5
None Remote Low Not required Partial Partial Partial
GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk.
312 CVE-2020-10076 79 XSS 2020-03-13 2020-03-17
4.3
None Remote Medium Not required None Partial None
GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.
313 CVE-2020-10075 74 2020-03-13 2021-07-21
5.8
None Remote Medium Not required Partial Partial None
GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.
314 CVE-2020-10074 2020-03-13 2020-03-18
7.5
None Remote Low Not required Partial Partial Partial
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link.
315 CVE-2020-10073 862 DoS 2020-03-13 2021-07-21
5.0
None Remote Low Not required None None Partial
GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page.
316 CVE-2020-8795 862 2020-02-17 2021-07-21
5.0
None Remote Low Not required Partial None None
In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users.
317 CVE-2020-8114 276 2020-02-05 2020-02-07
7.5
None Remote Low Not required Partial Partial Partial
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
318 CVE-2020-8113 269 2020-03-06 2020-03-18
7.5
None Remote Low Not required Partial Partial Partial
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.
319 CVE-2020-7979 276 2020-02-05 2020-02-07
4.3
None Remote Medium Not required Partial None None
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
320 CVE-2020-7978 DoS 2020-02-05 2020-02-06
5.0
None Remote Low Not required None None Partial
GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.
321 CVE-2020-7977 276 2020-02-05 2020-02-06
4.3
None Remote Medium Not required None Partial None
GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.
322 CVE-2020-7976 200 +Info 2020-02-05 2021-07-21
5.0
None Remote Low Not required Partial None None
GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.
323 CVE-2020-7974 200 +Info 2020-02-05 2021-07-21
5.0
None Remote Low Not required Partial None None
GitLab EE 10.1 through 12.7.2 allows Information Disclosure.
324 CVE-2020-7973 79 XSS 2020-02-05 2020-02-06
4.3
None Remote Medium Not required None Partial None
GitLab through 12.7.2 allows XSS.
325 CVE-2020-7972 276 2020-02-05 2020-02-06
5.0
None Remote Low Not required None Partial None
GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).
326 CVE-2020-7971 79 XSS 2020-02-05 2020-02-06
4.3
None Remote Medium Not required None Partial None
GitLab EE 11.0 and later through 12.7.2 allows XSS.
327 CVE-2020-7969 200 +Info 2020-02-05 2021-07-21
5.0
None Remote Low Not required Partial None None
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.
328 CVE-2020-7968 287 2020-02-05 2021-07-21
5.0
None Remote Low Not required Partial None None
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.
329 CVE-2020-7967 276 2020-02-05 2020-02-06
4.0
None Remote Low ??? Partial None None
GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).
330 CVE-2020-7966 22 Dir. Trav. 2020-02-05 2020-02-07
5.0
None Remote Low Not required Partial None None
GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.
331 CVE-2020-6833 200 Bypass +Info 2020-02-05 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling.
332 CVE-2020-6832 200 +Info 2020-01-13 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.
333 CVE-2020-5197 863 2020-01-13 2021-07-21
3.5
None Remote Medium ??? Partial None None
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.
334 CVE-2019-20148 200 +Info 2020-01-13 2021-07-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control.
335 CVE-2019-20147 200 +Info 2020-01-13 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control.
336 CVE-2019-20146 400 2020-01-13 2020-01-17
5.0
None Remote Low Not required None None Partial
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption.
337 CVE-2019-20145 2020-01-13 2020-08-24
4.0
None Remote Low ??? None Partial None
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control.
338 CVE-2019-20144 2020-01-13 2020-08-24
4.0
None Remote Low ??? None Partial None
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control.
339 CVE-2019-20143 306 2020-01-13 2020-01-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control.
340 CVE-2019-20142 DoS 2020-01-13 2020-08-24
4.0
None Remote Low ??? None None Partial
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service.
341 CVE-2019-19629 200 +Info 2020-01-05 2021-07-21
5.0
None Remote Low Not required Partial None None
In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration.
342 CVE-2019-19628 22 Exec Code Dir. Trav. 2020-01-05 2020-01-10
7.5
None Remote Low Not required Partial Partial Partial
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.
343 CVE-2019-19314 312 2020-01-05 2020-01-10
5.0
None Remote Low Not required Partial None None
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.
344 CVE-2019-19313 20 DoS 2020-01-05 2021-07-21
5.0
None Remote Low Not required None None Partial
GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits.
345 CVE-2019-19312 200 +Info 2020-01-05 2021-07-21
5.0
None Remote Low Not required Partial None None
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API.
346 CVE-2019-19311 79 XSS 2020-01-03 2020-01-09
3.5
None Remote Medium ??? None Partial None
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields.
347 CVE-2019-19310 522 2020-01-03 2020-01-08
4.0
None Remote Low ??? Partial None None
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.
348 CVE-2019-19309 200 +Info 2020-01-03 2021-07-21
4.0
None Remote Low ??? Partial None None
GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.
349 CVE-2019-19263 732 2020-01-03 2020-08-24
4.0
None Remote Low ??? None Partial None
GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions.
350 CVE-2019-19262 732 2020-01-03 2020-08-24
4.0
None Remote Low ??? Partial None None
GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions.
Total number of vulnerabilities: 599 (page 7 of 12)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.