CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10080
https://notcve.org/view.php?id=CVE-2020-10080
13 Mar 2020 — GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group. GitLab versiones 8.3 hasta 12.8.1, permite una Divulgación de Información. Era posible que determinados no miembros accedieran a la página Contribution Analytics de un grupo privado. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10081
https://notcve.org/view.php?id=CVE-2020-10081
13 Mar 2020 — GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user. GitLab versiones anteriores a 12.8.2, presentan un Control de Acceso Incorrecto. Se detectó internamente que el proceso de importación de LFS podría ser usado potencialmente para acceder incorrectamente a objetos LFS que no son propiedad del usuario. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10087
https://notcve.org/view.php?id=CVE-2020-10087
13 Mar 2020 — GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user. GitLab versiones anteriores a 12.8.2, permite una Divulgación de Información. Las imágenes de las tarjetas de identificación no estaban siendo procesadas por un proxy, causando advertencias de contenido mixto, así como un filtrado de la dirección IP del usuario. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13010
https://notcve.org/view.php?id=CVE-2019-13010
10 Mar 2020 — An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It allows Uncontrolled Resource Consumption. Se descubrió un problema en GitLab Enterprise Edition 8.3 a 12.0.2. El decodificador de códigos de color era vulnerable a un ataque de agotamiento de recursos si se usaban formatos específicos. • https://about.gitlab.com/blog/categories/releases •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13003
https://notcve.org/view.php?id=CVE-2019-13003
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a la versión 12.0.3. Uno de los analizadores usados por Gilab CI era vulnerable a un ataque de agotamiento de recursos. • https://about.gitlab.com/blog/categories/releases • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12446
https://notcve.org/view.php?id=CVE-2019-12446
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message. Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.3 hasta 11.11. Permite una Exposición de la Información por medio de un Mensaje de Error. • https://about.gitlab.com/blog/categories/releases • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12445
https://notcve.org/view.php?id=CVE-2019-12445
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS. Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.4 hasta 11.11. Un usuario malicioso podría ejecutar código JavaScript en unas notas al importar un archivo de proyecto especialmente diseñado. • https://about.gitlab.com/blog/categories/releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12441
https://notcve.org/view.php?id=CVE-2019-12441
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained a access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control. Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.4 hasta 11.11. La funcionalidad de sucursales protegidas contenían un problema de control de acceso que resultó en la omisión de las reglas de restricción de sucursales protegidas... • https://about.gitlab.com/blog/categories/releases • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12428
https://notcve.org/view.php?id=CVE-2019-12428
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization. Se detectó un problema en GitLab Community and Enterprise Edition versiones 6.8 hasta 11.11. Tiene una Autorización Inapropiada. • https://about.gitlab.com/blog/categories/releases •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15594
https://notcve.org/view.php?id=CVE-2019-15594
14 Feb 2020 — GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. GitLab versiones 11.8 y posteriores, contiene una vulnerabilidad de seguridad que permite a un usuario obtener detalles de las tuberías restringidas por medio del endpoint de petición de combinación. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •