CVE-2019-19088
https://notcve.org/view.php?id=CVE-2019-19088
Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal. Gitlab Enterprise Edition (EE) versiones 11.3 hasta la versión 12.4.2, permite un Salto de Directorio. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-19087
https://notcve.org/view.php?id=CVE-2019-19087
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2). Gitlab Enterprise Edition (EE) versiones anteriores a la versión 12.5.1, tiene Permisos No Seguros • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-19086
https://notcve.org/view.php?id=CVE-2019-19086
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). Gitlab Enterprise Edition (EE) versiones anteriores a la versíon 12.5.1, tiene Permisos No Seguros (problema 1 de 2). • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-19311
https://notcve.org/view.php?id=CVE-2019-19311
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. GitLab EE versiones 8.14 hasta la versión 12.5, 12.4.3 y 12.3.6, permite un ataque de tipo XSS en los campos group y profile. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/31536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-20507
https://notcve.org/view.php?id=CVE-2018-20507
An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Enterprise Edition versiones 11.2.x hasta 11.4.x anteriores a la versión 11.4.13, versiones 11.5.x anteriores a la versión 11.5.6 y versiones 11.6.x anteriores a la versión 11.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released • CWE-306: Missing Authentication for Critical Function •