CVEdetails.com the ultimate security vulnerability data source
GitLab: Security Vulnerabilities Published in 2019 (Gain Information)

Fields: # | CVE ID | CWE ID | Vulnerability type(s) | Published / Updated | CVSS v2 base score | Gained access level / Access vector / Access complexity / Authentication | Confidentiality / Integrity / Availability impact. The "# of Exploits" column is empty for every row. Authentication "Single" means one authenticated account is required; "Not required" means the issue is reachable unauthenticated.

1. CVE-2019-18461 | CWE-200 | +Info | 2019-11-26 / 2019-12-03 | 4.0 | None / Remote / Low / Single | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control.
2. CVE-2019-18460 | CWE-200 | +Info | 2019-11-26 / 2019-11-27 | 5.0 | None / Remote / Low / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.
3. CVE-2019-18448 | CWE-200 | +Info | 2019-11-26 / 2021-07-21 | 4.0 | None / Remote / Low / Single | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Incorrect Access Control.
4. CVE-2019-15740 | CWE-200 | +Info | 2019-09-16 / 2019-09-17 | 5.0 | None / Remote / Low / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads.
5. CVE-2019-15738 | CWE-200 | +Info | 2019-09-16 / 2019-09-17 | 5.0 | None / Remote / Low / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email.
6. CVE-2019-15734 | CWE-200 | +Info | 2019-09-16 / 2019-09-18 | 4.0 | None / Remote / Low / Single | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these.
7. CVE-2019-15733 | CWE-200 | +Info | 2019-09-16 / 2019-12-17 | 4.0 | None / Remote / Low / Single | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users.
8. CVE-2019-15732 | CWE-200 | Bypass, +Info | 2019-09-16 / 2021-07-21 | 5.0 | None / Remote / Low / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions.
9. CVE-2019-15729 | CWE-200 | +Info | 2019-09-17 / 2021-07-21 | 5.0 | None / Remote / Low / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request.
10. CVE-2019-15727 | CWE-200 | +Info | 2019-09-16 / 2019-09-18 | 5.0 | None / Remote / Low / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users.
11. CVE-2019-15726 | CWE-200 | +Info | 2019-09-16 / 2021-07-21 | 5.0 | None / Remote / Low / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.
12. CVE-2019-15580 | CWE-200 | +Info | 2019-12-18 / 2019-12-27 | 4.0 | None / Remote / Low / Single | Partial / None / None
   An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature: it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted.
13. CVE-2019-11605 | CWE-200 | +Info | 2019-09-09 / 2019-09-10 | 5.0 | None / Remote / Low / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token.
14. CVE-2019-11545 | CWE-200 | +Info | 2019-09-09 / 2019-09-10 | 4.0 | None / Remote / Low / Single | Partial / None / None
   An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue.
15. CVE-2019-10109 | CWE-200 | +Info | 2019-05-15 / 2019-05-16 | 5.0 | None / Remote / Low / Not required | Partial / None / None
   An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present).
16. CVE-2019-9866 | CWE-200 | +Info | 2019-05-29 / 2019-09-09 | 4.0 | None / Remote / Low / Single | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure.
17. CVE-2019-9225 | CWE-200 | +Info | 2019-04-17 / 2020-08-24 | 5.0 | None / Remote / Low / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5).
18. CVE-2019-9223 | CWE-200 | +Info | 2019-04-17 / 2021-07-21 | 5.0 | None / Remote / Low / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure.
19. CVE-2019-9179 | CWE-200 | +Info | 2019-04-17 / 2019-04-17 | 4.3 | None / Remote / Medium / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5).
20. CVE-2019-9178 | CWE-200 | +Info | 2019-04-17 / 2021-07-21 | 5.0 | None / Remote / Low / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 4 of 5).
21. CVE-2019-9175 | CWE-200 | +Info | 2019-04-17 / 2019-04-17 | 5.0 | None / Remote / Low / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5).
22. CVE-2019-9172 | CWE-200 | +Info | 2019-04-17 / 2021-07-21 | 4.3 | None / Remote / Medium / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 2 of 5).
23. CVE-2019-9171 | CWE-200 | +Info | 2019-04-17 / 2021-07-21 | 4.3 | None / Remote / Medium / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5).
24. CVE-2019-7353 | CWE-200 | +Info | 2019-05-17 / 2020-08-24 | 6.4 | None / Remote / Low / Not required | Partial / Partial / None
   An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects.
25. CVE-2019-6797 | (no CWE assigned) | +Info | 2019-05-17 / 2020-08-24 | 5.0 | None / Remote / Low / Not required | Partial / None / None
   An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI.
26. CVE-2019-6788 | (no CWE assigned) | +Info | 2019-09-09 / 2020-08-24 | 5.0 | None / Remote / Low / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services.
27. CVE-2018-20495 | CWE-200 | +Info | 2019-12-30 / 2020-01-07 | 5.0 | None / Remote / Low / Not required | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.
28. CVE-2018-20488 | CWE-200 | +Info | 2019-12-30 / 2020-01-08 | 4.0 | None / Remote / Low / Single | Partial / None / None
   An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.
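Rows 4 and 15 (CVE-2019-15740, CVE-2019-10109) are the same class of leak: EXIF metadata, including the GPS sub-IFD, survives an image upload and is served to anyone who can view the image. The check below is an added example, not GitLab's code and not from the CVEdetails page: it walks the JPEG marker segments, parses the Exif APP1 segment's TIFF header and IFD0, flags a GPSInfo pointer (tag 0x8825), and strips every Exif segment before the file would be stored. Marker and tag values are from the JPEG and Exif/TIFF specifications; the function names and the inline sample JPEG are constructed for this example.

```ruby
# Added example (not GitLab's code): flag and strip EXIF GPS metadata
# from a JPEG upload before it is stored or served.

SOI = "\xFF\xD8".b   # Start Of Image marker
EOI = "\xFF\xD9".b   # End Of Image marker
TAG_GPS_IFD = 0x8825 # Exif tag in IFD0 that points to the GPS sub-IFD

# Split a JPEG into its header segments (APPn, DQT, ...) and the tail that
# begins at SOS (scan data) or EOI. Each segment is [marker, raw_bytes].
def split_jpeg(jpeg)
  raise ArgumentError, 'not a JPEG' unless jpeg.start_with?(SOI)
  segments = []
  pos = 2
  loop do
    raise ArgumentError, 'truncated JPEG' if pos + 2 > jpeg.bytesize
    raise ArgumentError, 'bad marker' unless jpeg.getbyte(pos) == 0xFF
    marker = jpeg.getbyte(pos + 1)
    break if marker == 0xDA || marker == 0xD9 # SOS / EOI: headers are over
    raise ArgumentError, 'truncated JPEG' if pos + 4 > jpeg.bytesize
    len = jpeg.byteslice(pos + 2, 2).unpack1('n') # includes the 2 length bytes
    raise ArgumentError, 'bad segment length' if len < 2 || pos + 2 + len > jpeg.bytesize
    segments << [marker, jpeg.byteslice(pos, 2 + len)]
    pos += 2 + len
  end
  [segments, jpeg.byteslice(pos..-1)]
end

# APP1 also carries XMP; only the Exif-flavoured APP1 segments matter here.
def exif_segment?(marker, raw)
  marker == 0xE1 && raw.byteslice(4, 6) == "Exif\0\0".b
end

# Return the tag IDs present in IFD0 of an Exif APP1 segment.
def ifd0_tags(raw)
  tiff = raw.byteslice(10..-1) # skip marker (2), length (2), "Exif\0\0" (6)
  fmt16, fmt32 = case tiff.byteslice(0, 2)
                 when 'II'.b then %w[v V] # little-endian TIFF
                 when 'MM'.b then %w[n N] # big-endian TIFF
                 else raise ArgumentError, 'bad TIFF byte order'
                 end
  raise ArgumentError, 'bad TIFF magic' unless tiff.byteslice(2, 2).unpack1(fmt16) == 0x2A
  ifd0 = tiff.byteslice(4, 4).unpack1(fmt32)
  raise ArgumentError, 'bad IFD0 offset' if ifd0 + 2 > tiff.bytesize
  count = tiff.byteslice(ifd0, 2).unpack1(fmt16)
  raise ArgumentError, 'truncated IFD0' if ifd0 + 2 + count * 12 > tiff.bytesize
  Array.new(count) { |i| tiff.byteslice(ifd0 + 2 + i * 12, 2).unpack1(fmt16) }
end

def gps_exif?(jpeg)
  segments, = split_jpeg(jpeg)
  segments.any? { |m, raw| exif_segment?(m, raw) && ifd0_tags(raw).include?(TAG_GPS_IFD) }
end

# Drop every Exif APP1 segment; JFIF, quantisation tables and scan data are
# copied through unchanged, so the image still decodes.
def strip_exif(jpeg)
  segments, tail = split_jpeg(jpeg)
  SOI + segments.reject { |m, raw| exif_segment?(m, raw) }.map(&:last).join + tail
end

# Constructed sample: a minimal JPEG with a JFIF APP0 segment and a
# little-endian Exif APP1 whose IFD0 holds Make plus a GPS IFD pointer.
def segment(marker, payload)
  [0xFF, marker, payload.bytesize + 2].pack('CCn') + payload
end

def sample_exif_with_gps
  ifd0 = [2].pack('v') +
         [0x010F, 2, 4].pack('vvV') + "Cam\0".b +   # Make, ASCII, value stored inline
         [TAG_GPS_IFD, 4, 1, 38].pack('vvVV') +      # GPSInfo: LONG pointer to offset 38
         [0].pack('V')                               # no IFD1
  gps = [1].pack('v') + [0x0001, 2, 2].pack('vvV') + "N\0\0\0".b + [0].pack('V') # GPSLatitudeRef
  "Exif\0\0".b + 'II'.b + [0x2A, 8].pack('vV') + ifd0 + gps
end

def sample_jpeg
  SOI + segment(0xE0, "JFIF\0".b + [1, 1, 0, 1, 1, 0, 0].pack('CCCnnCC')) +
    segment(0xE1, sample_exif_with_gps) + EOI
end

if __FILE__ == $PROGRAM_NAME
  jpeg = sample_jpeg
  puts "GPS metadata present: #{gps_exif?(jpeg)}"
  clean = strip_exif(jpeg)
  puts "after strip_exif: #{gps_exif?(clean)} (#{jpeg.bytesize} -> #{clean.bytesize} bytes)"
end
```

Removing the whole Exif segment is the conservative choice: it also drops Make/Model/Software, which the CVE-2019-10109 text lists alongside location as leaked, at the cost of orientation data that the application would otherwise have to re-apply. A production pipeline should do the same for PNG (eXIf/tEXt chunks) and for XMP, which this example does not touch.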
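Row 11 (CVE-2019-15726) is a different leak: a Markdown image or media embed makes every reader's browser fetch from a server the author chose, so the author learns each reader's IP address. The standard mitigation is a camo-style asset proxy: the application rewrites remote image URLs to a proxy URL that carries an HMAC over the origin URL, readers only ever connect to the proxy, and the proxy only fetches URLs the application signed. The code below is an added example in Ruby, not GitLab's code; the proxy host, secret, allowlist, HMAC-SHA256 choice and function names are assumptions for the example.

```ruby
require 'openssl'
require 'uri'

# Added example (not GitLab's code): route remote Markdown images through an
# HMAC-signed asset proxy so readers never connect to author-chosen hosts.
# Host, secret and allowlist below are assumptions for this example.
ASSET_PROXY_URL       = 'https://assets.example.com'.freeze
ASSET_PROXY_SECRET    = 'replace-with-a-long-random-secret'.freeze
ASSET_PROXY_ALLOWLIST = ['gitlab.example.com'].freeze # own hosts: served directly

def asset_hmac(url)
  OpenSSL::HMAC.hexdigest('SHA256', ASSET_PROXY_SECRET, url)
end

# Turn an absolute http(s) URL into https://proxy/<hmac>/<hex(url)>.
# Relative links, non-http schemes and allowlisted hosts are returned unchanged.
def proxied_asset_url(url)
  uri = URI.parse(url)
  return url unless uri.is_a?(URI::HTTP) && uri.host # URI::HTTPS is a subclass
  return url if ASSET_PROXY_ALLOWLIST.include?(uri.host.downcase)
  "#{ASSET_PROXY_URL}/#{asset_hmac(url)}/#{url.unpack1('H*')}"
rescue URI::InvalidURIError
  url
end

# Constant-time comparison so the proxy does not leak the MAC byte by byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Proxy side: given the request path, return the origin URL to fetch, or nil
# when the signature does not match (a forged or tampered proxy URL).
def resolve_proxied_path(path)
  _, digest, hex = path.split('/', 3)
  return nil if digest.nil? || hex.nil? || hex !~ /\A(?:[0-9a-f]{2})+\z/
  url = [hex].pack('H*').force_encoding('UTF-8')
  secure_equal?(digest, asset_hmac(url)) ? url : nil
end

# Rewrite ![alt](url) images in Markdown. Raw HTML <img> tags would need the
# same rewrite in the HTML sanitizer; only Markdown image syntax is handled here.
def rewrite_markdown_images(markdown)
  markdown.gsub(/!\[([^\]]*)\]\(([^)\s]+)\)/) do
    "![#{Regexp.last_match(1)}](#{proxied_asset_url(Regexp.last_match(2))})"
  end
end

if __FILE__ == $PROGRAM_NAME
  md = '![pixel](http://attacker.example/pixel.png) ![own](https://gitlab.example.com/a.png)'
  out = rewrite_markdown_images(md)
  puts out
  path = proxied_asset_url('http://attacker.example/pixel.png').sub(ASSET_PROXY_URL, '')
  puts "proxy resolves to: #{resolve_proxied_path(path).inspect}"
end
```

The proxy still needs the usual SSRF guards (refuse private and link-local address ranges after DNS resolution, cap response size, only pass image content types through), because the signature proves the application generated the URL, not that the origin is safe to fetch.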
Total number of vulnerabilities: 28 (page 1 of 1)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.