CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15721
https://notcve.org/view.php?id=CVE-2019-15721
An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 10.8 hasta 12.2.1. Un end point interno permitió involuntariamente a los mantenedores del grupo visualizar y editar la configuración del ejecutor de grupo. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/61981 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-16170
https://notcve.org/view.php?id=CVE-2019-16170
An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. Se descubrió un problema en GitLab Enterprise Edition versiones 11.x y versiones 12.x anteriores a 12.0.9, versiones 12.1.x anteriores a 12.1.9 y versiones 12.2.x anteriores a 12.2.5. Posee un Control de Acceso Incorrecto. • https://about.gitlab.com/2019/09/10/critical-security-release-gitlab-12-dot-2-dot-5-released •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2019-5473
https://notcve.org/view.php?id=CVE-2019-5473
An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4. Se detectó un problema de autenticación en GitLab, que permitió omitir la comprobación por correo electrónico. Esto se abordó en GitLab versiones 12.1.2 y 12.0.4. • https://gitlab.com/gitlab-org/gitlab-ee/issues/11643 https://hackerone.com/reports/565883 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 2CVE-2019-5471
https://notcve.org/view.php?id=CVE-2019-5471
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6. Se detectó un problema de comprobación de entrada y codificación de salida en la funcionalidad de notificación de correo electrónico de GitLab lo que podría resultar un ataque XSS persistente. Esto se abordó en GitLab versiones 12.1.2, 12.0.4 y 11.11.6. • https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ee/issues/11515 https://hackerone.com/reports/496973 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 2CVE-2019-5467
https://notcve.org/view.php?id=CVE-2019-5467
An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. Se detectó un problema de comprobación de entrada y codificación de salida en la funcionalidad de páginas wiki de GitLab CE/EE que podría resultar en un ataque de tipo XSS persistente. Esta vulnerabilidad se abordó en las versiones 12.1.2, 12.0.4 y 11.11.6. • https://gitlab.com/gitlab-org/gitlab-ce/issues/60143 https://hackerone.com/reports/526325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •