CVE-2019-20148
https://notcve.org/view.php?id=CVE-2019-20148
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 8.13 hasta la versión 12.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released •
CVE-2020-5197
https://notcve.org/view.php?id=CVE-2020-5197
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 5.1 hasta la versión 12.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-6832
https://notcve.org/view.php?id=CVE-2020-6832
An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects. Se descubrió un problema en GitLab Enterprise Edition (EE) versiones 8.9.0 hasta la versión 12.6.1. Usando la funcionalidad de importación de proyectos, fue posible que alguien obtuviera problemas a partir de proyectos privados. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released •
CVE-2019-19629
https://notcve.org/view.php?id=CVE-2019-19629
In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration. En GitLab EE versiones 10.5 hasta 12.5.3, 12.4.5 y 12.3.8, cuando se transfiere un proyecto público a un grupo privado, el código privado sería divulgado por medio de la API Group Search proporcionada por la integración de Elasticsearch. • https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released https://about.gitlab.com/blog/categories/releases •
CVE-2019-19628
https://notcve.org/view.php?id=CVE-2019-19628
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. En GitLab EE versiones 11.3 hasta 12.5.3, 12.4.5 y 12.3.8, un saneamiento de parámetro insuficiente para el registro del paquete Maven podría derivar a una escalada de privilegios y vulnerabilidades de ejecución de código remota bajo determinadas condiciones. • https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released https://about.gitlab.com/blog/categories/releases • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •