CVE-2013-4583
https://notcve.org/view.php?id=CVE-2013-4583
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. La función parse_cmd en el archivo lib/gitlab_shell.rb en GitLab versiones 5.0 anteriores a 5.4.2, Community Edition versiones anteriores a 6.2.4 y Enterprise Edition versiones anteriores a 6.2.1 y gitlab-shell versiones anteriores a 1.7.8, permite a usuarios autenticados remotos alcanzar privilegios y clonar repositorios arbitrarios . • http://www.openwall.com/lists/oss-security/2013/11/15/4 https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab https://www.openwall.com/lists/oss-security/2013/11/18/4 • CWE-269: Improper Privilege Management •
CVE-2019-19260
https://notcve.org/view.php?id=CVE-2019-19260
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2). GitLab Community Edition (CE) and Enterprise Edition (EE) versiones hasta la versión 12.5, tiene un Control de Acceso Incorrecto (problema 2 de 2). • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases •
CVE-2019-19257
https://notcve.org/view.php?id=CVE-2019-19257
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2). GitLab Community Edition (CE) and Enterprise Edition (EE) versiones hasta la versión 12.5, tienen un Control de Acceso Incorrecto • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases •
CVE-2019-15584
https://notcve.org/view.php?id=CVE-2019-15584
A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page. Se presenta una denegación de servicio en gitlab versiones anteriores a v12.3.2, versiones anteriores a v12.2.6 y versiones anteriores a v12.1.10, que permitiría a un atacante omitir la comprobación de entrada en los campos markdown para suspender la página afectada. • https://hackerone.com/reports/670572 • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-15589
https://notcve.org/view.php?id=CVE-2019-15589
An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before. Se presenta una vulnerabilidad de control de acceso inapropiado en Gitlab versiones anteriores a v12.3.2, versiones anteriores a v12.2.6, versiones anteriores a v12.1.12, que permitiría que un usuario bloqueado pudiera ser capaz de usar el clon GIT y extraer si hubiera obtenido un token CI/CD antes. • https://hackerone.com/reports/497047 • CWE-284: Improper Access Control •