CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4582
https://notcve.org/view.php?id=CVE-2013-4582
28 Jan 2020 — The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface. Las funciones (1) create_branch, (2) create_tag, (3) import_project y (4) fork_project en el archivo lib/gitlab_projects.rb en GitLab versi... • http://www.openwall.com/lists/oss-security/2013/11/15/4 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4583
https://notcve.org/view.php?id=CVE-2013-4583
28 Jan 2020 — The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. La función parse_cmd en el archivo lib/gitlab_shell.rb en GitLab versiones 5.0 anteriores a 5.4.2, Community Edition versiones anteriores a 6.2.4 y Enterprise Edition versiones anteriores a 6.2.1 y gitlab-shell versiones anteriores a 1.7.8, permite a us... • http://www.openwall.com/lists/oss-security/2013/11/15/4 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5197
https://notcve.org/view.php?id=CVE-2020-5197
13 Jan 2020 — An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 5.1 hasta la versión 12.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19260
https://notcve.org/view.php?id=CVE-2019-19260
03 Jan 2020 — GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2). GitLab Community Edition (CE) and Enterprise Edition (EE) versiones hasta la versión 12.5, tiene un Control de Acceso Incorrecto (problema 2 de 2). • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19257
https://notcve.org/view.php?id=CVE-2019-19257
03 Jan 2020 — GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2). GitLab Community Edition (CE) and Enterprise Edition (EE) versiones hasta la versión 12.5, tienen un Control de Acceso Incorrecto • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-15584
https://notcve.org/view.php?id=CVE-2019-15584
20 Dec 2019 — A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page. Se presenta una denegación de servicio en gitlab versiones anteriores a v12.3.2, versiones anteriores a v12.2.6 y versiones anteriores a v12.1.10, que permitiría a un atacante omitir la comprobación de entrada en los campos markdown para suspender la página afectada. • https://hackerone.com/reports/670572 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-15589
https://notcve.org/view.php?id=CVE-2019-15589
18 Dec 2019 — An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before. Se presenta una vulnerabilidad de control de acceso inapropiado en Gitlab versiones anteriores a v12.3.2, versiones anteriores a v12.2.6, versiones anteriores a v12.1.12, que permitiría que un usuario bloqueado pudiera ser capaz de usar el clon GIT y extraer si hubiera obtenido un token CI/CD antes. • https://hackerone.com/reports/497047 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2019-5487
https://notcve.org/view.php?id=CVE-2019-5487
18 Dec 2019 — An improper access control vulnerability exists in Gitlab EE
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 1CVE-2019-15575
https://notcve.org/view.php?id=CVE-2019-15575
18 Dec 2019 — A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope. Se presenta una inyección de comando en GitLab CE/EE versiones anteriores a v12.3.2, versiones anteriores a v12.2.6, versiones anteriores a v12.1.12, que permitió a un atacante inyectar comandos mediante la API por medio del ámbito blobs. • https://hackerone.com/reports/682442 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-15576
https://notcve.org/view.php?id=CVE-2019-15576
18 Dec 2019 — An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint. Se presenta una vulnerabilidad de divulgación de información en GitLab CE/EE versiones anteriores a v12.3.2, versiones anteriores a v12.2.6, versiones anteriores a v12.1.12, que permitió a un atacante visualizar notas privadas del sistema desde un endpoint GraphQL. • https://hackerone.com/reports/633001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •