CVE-2020-6832
https://notcve.org/view.php?id=CVE-2020-6832
An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects. Se descubrió un problema en GitLab Enterprise Edition (EE) versiones 8.9.0 hasta la versión 12.6.1. Usando la funcionalidad de importación de proyectos, fue posible que alguien obtuviera problemas a partir de proyectos privados. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released •
CVE-2019-19629
https://notcve.org/view.php?id=CVE-2019-19629
In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration. En GitLab EE versiones 10.5 hasta 12.5.3, 12.4.5 y 12.3.8, cuando se transfiere un proyecto público a un grupo privado, el código privado sería divulgado por medio de la API Group Search proporcionada por la integración de Elasticsearch. • https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released https://about.gitlab.com/blog/categories/releases •
CVE-2019-19628
https://notcve.org/view.php?id=CVE-2019-19628
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. En GitLab EE versiones 11.3 hasta 12.5.3, 12.4.5 y 12.3.8, un saneamiento de parámetro insuficiente para el registro del paquete Maven podría derivar a una escalada de privilegios y vulnerabilidades de ejecución de código remota bajo determinadas condiciones. • https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released https://about.gitlab.com/blog/categories/releases • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-19314
https://notcve.org/view.php?id=CVE-2019-19314
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext. GitLab EE versiones 8.4 hasta 12.5, 12.4.3 y 12.3.6, almacenaron varios tokens en texto plano. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/32381 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2019-19313
https://notcve.org/view.php?id=CVE-2019-19313
GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits. GitLab EE versiones 12.3 hasta 12.5, 12.4.3 y 12.3.6, permite una Denegación de Servicio. Ciertos caracteres hacían imposible crear, editar o visualizar problemas y confirmaciones. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/14947 • CWE-755: Improper Handling of Exceptional Conditions •