CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2019-6794
https://notcve.org/view.php?id=CVE-2019-6794
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Permite la divulgación de información (problema 5 de 6). • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2019-6784
https://notcve.org/view.php?id=CVE-2019-6784
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Esta permite un ataque de tipo XSS (problema 1 de 2... • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2019-11548
https://notcve.org/view.php?id=CVE-2019-11548
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.8.9. Presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19580
https://notcve.org/view.php?id=CVE-2018-19580
10 Jul 2019 — All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made. GitLab versiones anteriores a 11.5.1, 11.4.8 y 11.3.11, no envían un correo electrónico a la dirección de correo electrónico anterior cuando es realizado un cambio de dirección de correo electrónico. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19495
https://notcve.org/view.php?id=CVE-2018-19495
10 Jul 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration. Se detectó un problema en Community and Enterprise Edition versiones anteriores a 11.3.11, versiones 11.4.x anteriores a 11.4.8 y versiones 11.5.x anteriores a 11.5.1 de GitLab. Se presenta una vulnerabilidad de tipo SSRF en la integración de Prometheus. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-9485
https://notcve.org/view.php?id=CVE-2019-9485
29 May 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. Fue encontrado un problema en GitLab Community and Enterprise Edition anteriores a la versión 11.6.10, versión 11.7.x anteriores a 11.7.6 y versión 11.8.x anteriores a 11.8.1. Presenta permisos no seguros. • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-9221
https://notcve.org/view.php?id=CVE-2019-9221
29 May 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5). Fue encontrado un problema en GitLab Community and Enterprise Edition anterior a la versión 11.6.10, versión 11.7.x anteriores a 11.7.6 y versión 11.8.x anteriores a 11.8.1. Presenta un control de acceso incorrecto (problema 3 de 5). • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-9218
https://notcve.org/view.php?id=CVE-2019-9218
29 May 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5). Fue encontrado un problema en GitLab Community and Enterprise Edition versión anterior de 11.6.10, versión 11.7.x anterior de 11.7.6 y versión 11.8.x anterior de 11.8.1. Tiene control de acceso incorrecto (problema 1 de 5). • https://about.gitlab.com/blog/categories/releases •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-6797
https://notcve.org/view.php?id=CVE-2019-6797
17 May 2019 — An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI. Se descubrió un problema de divulgación de información en GitLab Enterprise Edition antes de 11.5.8, 11.6.x antes de 11.6.6 y 11.7.x antes de 11.7.1. El token de GitHub utilizado en CI/CD para reposiciones externas se estaba filtrando a los mantenedores del proyecto en la... • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10112
https://notcve.org/view.php?id=CVE-2019-10112
16 May 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived. Fue encontrado un problema en GitLab Community and Enterprise Edition anterior de la versión 11.7.8, versión 11.8.x anterior de 11.8.4 y versión 11.9.x anterior de 11.9.2. La construcción de la clave HMAC fue derivada inseguramente. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released • CWE-326: Inadequate Encryption Strength •