CVE-2019-12428
https://notcve.org/view.php?id=CVE-2019-12428
An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization. Se detectó un problema en GitLab Community and Enterprise Edition versiones 6.8 hasta 11.11. Tiene una Autorización Inapropiada. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released •
CVE-2020-8113
https://notcve.org/view.php?id=CVE-2020-8113
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. GitLab versiones 10.7 hasta 12.7.2, presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/31599 • CWE-269: Improper Privilege Management •
CVE-2020-8795
https://notcve.org/view.php?id=CVE-2020-8795
In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. En GitLab Enterprise Edition (EE) versiones 12.5.0 hasta 12.7.5, compartir un grupo con un grupo podría otorgar acceso al proyecto a usuarios no autorizados. • https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released https://about.gitlab.com/releases/categories/releases •
CVE-2019-12825
https://notcve.org/view.php?id=CVE-2019-12825
Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo. Se detectó un Acceso no Autorizado en Container Registry de otros grupos en GitLab Enterprise versión 12.0.0-pre. • https://about.gitlab.com/blog/categories/releases https://atomic111.github.io/article/gitlab-Unauthorized-Access-to-Container-Registry • CWE-922: Insecure Storage of Sensitive Information •
CVE-2019-15594
https://notcve.org/view.php?id=CVE-2019-15594
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. GitLab versiones 11.8 y posteriores, contiene una vulnerabilidad de seguridad que permite a un usuario obtener detalles de las tuberías restringidas por medio del endpoint de petición de combinación. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released https://hackerone.com/reports/507064 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •