CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12445
https://notcve.org/view.php?id=CVE-2019-12445
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS. Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.4 hasta 11.11. Un usuario malicioso podría ejecutar código JavaScript en unas notas al importar un archivo de proyecto especialmente diseñado. • https://about.gitlab.com/blog/categories/releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12444
https://notcve.org/view.php?id=CVE-2019-12444
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability. Se ha detectado un problema en GitLab Community and Enterprise Edition versiones 8.9 hasta 11.11. Unas Páginas Wiki contenían una falta de comprobación de entrada que resultó en una vulnerabilidad de tipo XSS persistente. • https://about.gitlab.com/blog/categories/releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12441
https://notcve.org/view.php?id=CVE-2019-12441
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained a access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control. Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.4 hasta 11.11. La funcionalidad de sucursales protegidas contenían un problema de control de acceso que resultó en la omisión de las reglas de restricción de sucursales protegidas... • https://about.gitlab.com/blog/categories/releases • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12432
https://notcve.org/view.php?id=CVE-2019-12432
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure. Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.13 hasta 11.11. Permite una Divulgación de Información. • https://about.gitlab.com/blog/categories/releases • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12431
https://notcve.org/view.php?id=CVE-2019-12431
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control. Se ha detectado un problema en GitLab Community and Enterprise Edition versiones 8.13 hasta 11.11. Tiene un Control de Acceso Inapropiado. • https://about.gitlab.com/blog/categories/releases •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12428
https://notcve.org/view.php?id=CVE-2019-12428
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization. Se detectó un problema en GitLab Community and Enterprise Edition versiones 6.8 hasta 11.11. Tiene una Autorización Inapropiada. • https://about.gitlab.com/blog/categories/releases •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15594
https://notcve.org/view.php?id=CVE-2019-15594
14 Feb 2020 — GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. GitLab versiones 11.8 y posteriores, contiene una vulnerabilidad de seguridad que permite a un usuario obtener detalles de las tuberías restringidas por medio del endpoint de petición de combinación. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-7968
https://notcve.org/view.php?id=CVE-2020-7968
05 Feb 2020 — GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. GitLab EE versiones 8.0 hasta 12.7.2, presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7969
https://notcve.org/view.php?id=CVE-2020-7969
05 Feb 2020 — GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. GitLab EE versiones 8.0 y posteriores hasta 12.7.2, permite una Divulgación de Información. • https://about.gitlab.com/blog/categories/releases •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-7973
https://notcve.org/view.php?id=CVE-2020-7973
05 Feb 2020 — GitLab through 12.7.2 allows XSS. GitLab versiones hasta 12.7.2, permite un ataque de tipo XSS. • https://about.gitlab.com/blog/categories/releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •