CVE-2020-10073
https://notcve.org/view.php?id=CVE-2020-10073
GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page. GitLab EE versiones 12.4.2 hasta 12.8.1, permite una Denegación de Servicio. Se detectó internamente que una potencial denegación de servicio que involucra las comprobaciones de permisos podría impactar a una página de inicio de proyecto. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html •
CVE-2020-10074
https://notcve.org/view.php?id=CVE-2020-10074
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link. GitLab versiones 10.1 hasta 12.8.1, presenta un Control de Acceso Incorrecto. Se detectó un escenario en el cual una cuenta de GitLab podría ser controlada por medio de un enlace expirado. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html •
CVE-2020-10075
https://notcve.org/view.php?id=CVE-2020-10075
GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input. GitLab versiones 12.5 hasta 12.8.1, permite una inyección de HTML. Un encabezado de error en particular era potencialmente susceptible a una inyección o a otras vulnerabilidades por medio de una entrada sin escape. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-10076
https://notcve.org/view.php?id=CVE-2020-10076
GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests. GitLab versiones 12.1 hasta 12.8.1, permite un ataque de tipo XSS. Se detectó una vulnerabilidad de tipo cross-site scripting almacenado cuando se desplegaban peticiones de fusión. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-10077
https://notcve.org/view.php?id=CVE-2020-10077
GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. GitLab EE versiones 3.0 hasta 12.8.1, permite un ataque de tipo SSRF. Una investigación interna reveló que un servicio obsoleto en particular estaba creando un riesgo de falsificación de petición del lado del servidor. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html • CWE-918: Server-Side Request Forgery (SSRF) •