CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6996
https://notcve.org/view.php?id=CVE-2019-6996
An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups. Se detectó un problema en GitLab Enterprise Edition versiones 10.x (a partir de la 10.6) y versiones 11.x anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released https://gitlab.com/gitlab-org/gitlab-ee/issues/8187 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 1CVE-2019-6995
https://notcve.org/view.php?id=CVE-2019-6995
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues. Se detectó un problema en GitLab Community and Enterprise Edition 8.x, 9.x, 10.xy versiones 11.x anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/55537 • CWE-281: Improper Preservation of Permissions •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1CVE-2019-6960
https://notcve.org/view.php?id=CVE-2019-6960
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled. Se detectó un problema en GitLab Community and Enterprise Edition versiones 9.x, 10.x y versiones 11.x anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/54357 •
CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-6795
https://notcve.org/view.php?id=CVE-2019-6795
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be used for social engineering. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Presenta una Distinción Visual Insuficiente de Homoglifos Presentados a un Usuario. • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/29365 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2019-6794
https://notcve.org/view.php?id=CVE-2019-6794
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Permite la divulgación de información (problema 5 de 6). • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/54353 • CWE-269: Improper Privilege Management •