CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-6790
https://notcve.org/view.php?id=CVE-2019-6790
An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge requests. Se detectó un problema de control de acceso incorrecto (problema 2 de 3) en GitLab Community and Enterprise Edition 8.14 y versiones posteriores, pero antes de 11.5.8, 11.6.x antes de 11.6.6 y 11.7.x antes de 11.7.1. Los usuarios invitados pudieron ver la lista de solicitudes de combinación de un grupo. • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/51328 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-6787
https://notcve.org/view.php?id=CVE-2019-6787
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other project users. Se descubrió un problema de control de acceso incorrecto en GitLab Community and Enterprise Edition antes de 11.5.8, 11.6.x antes de 11.6.6 y 11.7.x antes de 11.7.1. La API de GitLab permitió a los mantenedores y propietarios del proyecto ver los tokens de activación de otros usuarios del proyecto. • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released https://about.gitlab.com/blog/categories/releases •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-20500
https://notcve.org/view.php?id=CVE-2018-20500
An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token. Fue descubierto un problema con los permisos inseguros en GitLab Community and Enterprise Edition 9.4 y versiones superiores, anteriores a 11.4.13, 11.5.x anteriores a 11.5.6 y 11.6.x anteriores a 11.6.1. El Runner Registration Token en la configuración de CI/CD no se pudo restablecer. • https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released https://about.gitlab.com/blog/categories/releases • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10112
https://notcve.org/view.php?id=CVE-2019-10112
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived. Fue encontrado un problema en GitLab Community and Enterprise Edition anterior de la versión 11.7.8, versión 11.8.x anterior de 11.8.4 y versión 11.9.x anterior de 11.9.2. La construcción de la clave HMAC fue derivada inseguramente. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ee/issues/9730 • CWE-326: Inadequate Encryption Strength •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10117
https://notcve.org/view.php?id=CVE-2019-10117
An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node. Fue encontrado un problema de Redireccionamiento abierto en GitLab Community and Enterprise Edition anterior de la versión 11.7.8, versión 11.8.x anterior de 11.8.4 y versión 11.9.x anterior de 11.9.2. Es activada una redirección después de una autorización con éxito dentro de Oauth/:GeoAuthController para el nodo secundario Geo. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ee/issues/9731 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •