CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 1CVE-2019-14944
https://notcve.org/view.php?id=CVE-2019-14944
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released https://gitlab.com/gitlab-org/gitaly/issues/1801 https://gitlab.com/gitlab-org/gitaly/issues/1802 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-15472
https://notcve.org/view.php?id=CVE-2018-15472
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-17449
https://notcve.org/view.php?id=CVE-2018-17449
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2019-14942
https://notcve.org/view.php?id=CVE-2019-14942
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released https://gitlab.com/gitlab-org/gitlab-pages/issues/232 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-17453
https://notcve.org/view.php?id=CVE-2018-17453
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released •