CVE-2020-10952
https://notcve.org/view.php?id=CVE-2020-10952
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
• https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released
• https://about.gitlab.com/releases/categories/releases
CVE-2020-10953
https://notcve.org/view.php?id=CVE-2020-10953
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.
• https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released
• https://about.gitlab.com/releases/categories/releases
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-10954
https://notcve.org/view.php?id=CVE-2020-10954
GitLab through 12.9 is affected by a potential DoS in repository archive download.
• https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released
• https://about.gitlab.com/releases/categories/releases
• CWE-400: Uncontrolled Resource Consumption
CVE-2020-10955
https://notcve.org/view.php?id=CVE-2020-10955
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.
• https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released
• https://about.gitlab.com/releases/categories/releases
• https://www.debian.org/security/2020/dsa-4691
• CWE-862: Missing Authorization
CVE-2020-10956
https://notcve.org/view.php?id=CVE-2020-10956
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.
• https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released
• https://about.gitlab.com/releases/categories/releases
• CWE-918: Server-Side Request Forgery (SSRF)