CVE-2019-5463
https://notcve.org/view.php?id=CVE-2019-5463
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. Se detectó un problema de autorización en el end point de las imágenes de insignia CI de GitLab CE/EE, lo que podría resultar en la divulgación del estado de la compilación. Esta vulnerabilidad se abordó en las versiones 12.1.2, 12.0.4 y 11.11.6. • https://gitlab.com/gitlab-org/gitlab-ce/issues/56407 https://hackerone.com/reports/477222 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVE-2019-5461
https://notcve.org/view.php?id=CVE-2019-5461
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. Se descubrió un problema de comprobación de entrada en la integración del servicio GitHub que podría resultar en que un atacante pueda realizar peticiones POST arbitrarias en la red interna de una instancia de GitLab. Esta vulnerabilidad se abordó en las versiones 12.1.2, 12.0.4 y 11.11.6. • https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released https://gitlab.com//gitlab-org/gitlab-ce/issues/54649 https://hackerone.com/reports/446593 • CWE-20: Improper Input Validation •
CVE-2019-14943
https://notcve.org/view.php?id=CVE-2019-14943
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. Se detectó un problema en GitLab Community and Enterprise Edition versiones 12.0 hasta 12.1.4. Utiliza Credenciales Embebidas. • https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4530 • CWE-798: Use of Hard-coded Credentials •