CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10535
https://notcve.org/view.php?id=CVE-2020-10535
GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address. GitLab versiones 12.8.x anteriores a la versión 12.8.6, cuando el registro está habilitado, permite a atacantes remotos omitir las restricciones del dominio de correo electrónico dentro del período de gracia de dos días para una dirección de correo electrónico no confirmada. • https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8113
https://notcve.org/view.php?id=CVE-2020-8113
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. GitLab versiones 10.7 hasta 12.7.2, presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/31599 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8795
https://notcve.org/view.php?id=CVE-2020-8795
In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. En GitLab Enterprise Edition (EE) versiones 12.5.0 hasta 12.7.5, compartir un grupo con un grupo podría otorgar acceso al proyecto a usuarios no autorizados. • https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released https://about.gitlab.com/releases/categories/releases •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-6833
https://notcve.org/view.php?id=CVE-2020-6833
An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. Se detectó un problema en GitLab EE versiones 11.3 y posteriores. Una omisión de GitLab Workhorse podría conllevar a una divulgación de paquetes y archivos mediante el tráfico no autorizado de peticiones. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7966
https://notcve.org/view.php?id=CVE-2020-7966
GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. GitLab EE versiones 11.11 y posteriores hasta 12.7.2, permite un Salto de Directorio. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •