CVE-2020-10976
https://notcve.org/view.php?id=CVE-2020-10976
GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget.
• https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released
• https://about.gitlab.com/releases/categories/releases
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-10977 – GitLab File Read Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-10977
GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects.
• https://github.com/KooroshRZ/CVE-2020-10977
• https://github.com/liath/CVE-2020-10977
• https://github.com/JustMichi/CVE-2020-10977.py
• http://packetstormsecurity.com/files/160441/GitLab-File-Read-Remote-Code-Execution.html
• https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released
• https://about.gitlab.com/releases/categories/releases
• https://hackerone.com/reports/827052
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-10978
https://notcve.org/view.php?id=CVE-2020-10978
GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API.
• https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released
• https://about.gitlab.com/releases/categories/releases
CVE-2020-10979
https://notcve.org/view.php?id=CVE-2020-10979
GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users.
• https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released
• https://about.gitlab.com/releases/categories/releases
CVE-2020-10980
https://notcve.org/view.php?id=CVE-2020-10980
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.
• https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released
• https://about.gitlab.com/releases/categories/releases
• CWE-918: Server-Side Request Forgery (SSRF)