CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10081
https://notcve.org/view.php?id=CVE-2020-10081
13 Mar 2020 — GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user. GitLab versiones anteriores a 12.8.2, presentan un Control de Acceso Incorrecto. Se detectó internamente que el proceso de importación de LFS podría ser usado potencialmente para acceder incorrectamente a objetos LFS que no son propiedad del usuario. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10087
https://notcve.org/view.php?id=CVE-2020-10087
13 Mar 2020 — GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user. GitLab versiones anteriores a 12.8.2, permite una Divulgación de Información. Las imágenes de las tarjetas de identificación no estaban siendo procesadas por un proxy, causando advertencias de contenido mixto, así como un filtrado de la dirección IP del usuario. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10089
https://notcve.org/view.php?id=CVE-2020-10089
13 Mar 2020 — GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother, GitLab versiones 8.11 hasta 12.8.1, permite una Denegación de Servicio cuando se usan varias funcionalidades para una petición eachother de forma recursiva. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-674: Uncontrolled Recursion •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10091
https://notcve.org/view.php?id=CVE-2020-10091
13 Mar 2020 — GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types. GitLab versiones anteriores a 9.3 hasta 12.8.1, permite un ataque de tipo XSS. Se encontró una vulnerabilidad de tipo cross-site scripting en una vista particular relacionada con la integración de Grafana. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13011
https://notcve.org/view.php?id=CVE-2019-13011
10 Mar 2020 — An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not it's repository could create a list of merge requests template names. It has excessive algorithmic complexity. Se detectó un problema en GitLab Enterprise Edition versiones 8.11.0 hasta la versión 12.0.2. Mediante el uso de fuerza bruta, un usuario con acceso a un proyecto, pero no a su repositorio, podría crear una lista de nombres de plantillas de peticiones de fusión. • https://about.gitlab.com/blog/categories/releases • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13010
https://notcve.org/view.php?id=CVE-2019-13010
10 Mar 2020 — An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It allows Uncontrolled Resource Consumption. Se descubrió un problema en GitLab Enterprise Edition 8.3 a 12.0.2. El decodificador de códigos de color era vulnerable a un ataque de agotamiento de recursos si se usaban formatos específicos. • https://about.gitlab.com/blog/categories/releases •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13009
https://notcve.org/view.php?id=CVE-2019-13009
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control. Se descubrió un problema en GitLab Community and Enterprise Edition 9.2 a 12.0.2. Los archivos cargados asociados con fragmentos personales no guardados eran accesibles para usuarios no autorizados debido a la configuración incorrecta de permisos. • https://about.gitlab.com/blog/categories/releases • CWE-400: Uncontrolled Resource Consumption CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13006
https://notcve.org/view.php?id=CVE-2019-13006
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 9.0 and through 12.0.2. Users with access to issues, but not the repository were able to view the number of related merge requests on an issue. It has Incorrect Access Control. Se detectó un problema en GitLab Community and Enterprise Edition versiones 9.0 hasta 12.0.2. Los usuarios con acceso a problemas, pero no el repositorio pudieron visualizar la cantidad de peticiones de fusión relacionadas en un problema. • https://about.gitlab.com/blog/categories/releases •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13003
https://notcve.org/view.php?id=CVE-2019-13003
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a la versión 12.0.3. Uno de los analizadores usados por Gilab CI era vulnerable a un ataque de agotamiento de recursos. • https://about.gitlab.com/blog/categories/releases • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12446
https://notcve.org/view.php?id=CVE-2019-12446
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message. Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.3 hasta 11.11. Permite una Exposición de la Información por medio de un Mensaje de Error. • https://about.gitlab.com/blog/categories/releases • CWE-209: Generation of Error Message Containing Sensitive Information •