CVE-2019-15734
https://notcve.org/view.php?id=CVE-2019-15734
An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 8.6 hasta 12.2.1. Bajo condiciones muy específicas, los títulos de commit y los comentarios de los miembros del equipo podrían ser visualizables para usuarios que no tenían permiso para acceder a ellos. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/64711 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-15733
https://notcve.org/view.php?id=CVE-2019-15733
An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 7.12 hasta 12.2.1. El nombre predeterminado de la derivación especificada podría estar expuesto a usuarios no autorizados. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/61210 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-15732
https://notcve.org/view.php?id=CVE-2019-15732
An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 12.2 hasta 12.2.1. La API de importación de proyectos podría ser usada para omitir las restricciones de visibilidad del proyecto. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/57015 •
CVE-2019-15731
https://notcve.org/view.php?id=CVE-2019-15731
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 12.0 hasta 12.2.1. Los no miembros eran capaces de comentar en las peticiones de fusión a pesar de que el repositorio se configuró para permitir que solo los miembros del proyecto lo hagan. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/60465 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2019-15730
https://notcve.org/view.php?id=CVE-2019-15730
An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains a SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the local network by the GitLab server. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 8.14 hasta 12.2.1. La integración de Jira contiene una vulnerabilidad de tipo SSRF como resultado de una omisión de los mecanismos de protección actuales contra este tipo de ataque, lo que permitiría enviar peticiones a cualquier recurso accesible en la red local por parte del servidor de GitLab. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/61349 • CWE-918: Server-Side Request Forgery (SSRF) •