CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Gitlab : Security Vulnerabilities (Directory Traversal)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-22190 22 Dir. Trav. 2021-04-12 2021-04-20
4.0
None Remote Low ??? Partial None None
A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token
2 CVE-2020-26405 22 Dir. Trav. 2020-11-17 2020-12-01
5.5
None Remote Low ??? None Partial Partial
Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
3 CVE-2020-13355 22 Dir. Trav. 2020-11-19 2020-12-01
5.5
None Remote Low ??? None Partial Partial
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
4 CVE-2020-12448 22 Dir. Trav. 2020-05-07 2020-05-11
5.0
None Remote Low Not required Partial None None
GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.
5 CVE-2020-10977 22 Dir. Trav. 2020-04-08 2020-12-11
2.1
None Local Low Not required Partial None None
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.
6 CVE-2020-10953 22 Dir. Trav. 2020-03-27 2020-03-31
5.0
None Remote Low Not required Partial None None
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.
7 CVE-2020-10086 22 Dir. Trav. 2020-03-13 2020-03-17
5.0
None Remote Low Not required Partial None None
GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read.
8 CVE-2020-7966 22 Dir. Trav. 2020-02-05 2020-02-07
5.0
None Remote Low Not required Partial None None
GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.
9 CVE-2019-19628 22 Exec Code Dir. Trav. 2020-01-05 2020-01-10
7.5
None Remote Low Not required Partial Partial Partial
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.
10 CVE-2019-19088 22 Dir. Trav. 2020-01-03 2020-01-06
7.5
None Remote Low Not required Partial Partial Partial
Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.
11 CVE-2019-9222 22 Dir. Trav. 2019-04-17 2020-08-24
5.5
None Remote Low ??? Partial None Partial
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
12 CVE-2019-6783 22 Exec Code Dir. Trav. 2019-09-09 2019-09-10
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution.
13 CVE-2019-6240 22 Dir. Trav. 2019-03-25 2019-03-26
5.0
None Remote Low Not required Partial None None
An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.
14 CVE-2018-20229 22 Dir. Trav. 2019-04-04 2019-04-08
5.0
None Remote Low Not required Partial None None
GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal.
15 CVE-2018-20144 22 Dir. Trav. 2019-03-28 2019-10-03
5.0
None Remote Low Not required Partial None None
GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control.
16 CVE-2018-19856 22 Dir. Trav. 2019-03-26 2019-03-28
5.0
None Remote Low Not required Partial None None
GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API.
17 CVE-2018-14364 22 Exec Code Dir. Trav. 2018-07-18 2018-09-15
7.5
None Remote Low Not required Partial Partial Partial
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.
18 CVE-2018-3710 22 Exec Code Dir. Trav. 2018-03-21 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.
19 CVE-2017-0918 22 Exec Code Dir. Trav. 2018-03-21 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
Total number of vulnerabilities : 19   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.