CVE-2019-5461
https://notcve.org/view.php?id=CVE-2019-5461
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. • https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released https://gitlab.com//gitlab-org/gitlab-ce/issues/54649 https://hackerone.com/reports/446593 • CWE-20: Improper Input Validation
CVE-2019-14943
https://notcve.org/view.php?id=CVE-2019-14943
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. • https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4530 • CWE-798: Use of Hard-coded Credentials
CVE-2019-9866
https://notcve.org/view.php?id=CVE-2019-9866
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure. • https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/59003 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-9732
https://notcve.org/view.php?id=CVE-2019-9732
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control. • https://about.gitlab.com/2019/03/14/gitlab-11-8-2-released https://about.gitlab.com/blog/categories/releases
CVE-2019-9485
https://notcve.org/view.php?id=CVE-2019-9485
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released https://about.gitlab.com/blog/categories/releases