CVE-2019-5462
https://notcve.org/view.php?id=CVE-2019-5462
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. Se detectó un problema de escalada de privilegios en GitLab CE/EE versiones 9.0 y posteriores, cuando los tokens de activación no son rotados una vez que la propiedad de ellos ha cambiado. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/58312 https://hackerone.com/reports/495282 • CWE-613: Insufficient Session Expiration •
CVE-2019-15586
https://notcve.org/view.php?id=CVE-2019-15586
A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. Se presenta una vulnerabilidad de tipo XSS en Gitlab CE/EE versiones anteriores a 12.1.10, en el complemento Mermaid. • https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released https://hackerone.com/reports/645043 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-20142
https://notcve.org/view.php?id=CVE-2019-20142
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 12.3 hasta la versión 12.6.1. Permite una Denegación de Servicio. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released •
CVE-2019-20143
https://notcve.org/view.php?id=CVE-2019-20143
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versión 12.6. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released • CWE-306: Missing Authentication for Critical Function •
CVE-2019-20144
https://notcve.org/view.php?id=CVE-2019-20144
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 10.8 hasta la versión 12.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released •