CVE-2020-7968
https://notcve.org/view.php?id=CVE-2020-7968
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. GitLab EE versiones 8.0 hasta 12.7.2, presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released • CWE-862: Missing Authorization •
CVE-2020-7973
https://notcve.org/view.php?id=CVE-2020-7973
GitLab through 12.7.2 allows XSS. GitLab versiones hasta 12.7.2, permite un ataque de tipo XSS. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released https://gitlab.com/gitlab-org/security/gitlab/issues/14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-4582
https://notcve.org/view.php?id=CVE-2013-4582
The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface. Las funciones (1) create_branch, (2) create_tag, (3) import_project y (4) fork_project en el archivo lib/gitlab_projects.rb en GitLab versiones 5.0 anteriores a 5.4.2, Community Edition versiones anteriores a 6.2.4, Enterprise Edition versiones anteriores a 6.2.1 y gitlab-shell versiones anteriores a 1.7.8, permite a usuarios autenticados remotos incluir información de archivos locales en los metadatos de un repositorio de Git por medio de la interfaz web. • http://www.openwall.com/lists/oss-security/2013/11/15/4 https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab https://www.openwall.com/lists/oss-security/2013/11/18/4 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2013-4583
https://notcve.org/view.php?id=CVE-2013-4583
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. La función parse_cmd en el archivo lib/gitlab_shell.rb en GitLab versiones 5.0 anteriores a 5.4.2, Community Edition versiones anteriores a 6.2.4 y Enterprise Edition versiones anteriores a 6.2.1 y gitlab-shell versiones anteriores a 1.7.8, permite a usuarios autenticados remotos alcanzar privilegios y clonar repositorios arbitrarios . • http://www.openwall.com/lists/oss-security/2013/11/15/4 https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab https://www.openwall.com/lists/oss-security/2013/11/18/4 • CWE-269: Improper Privilege Management •
CVE-2020-5197
https://notcve.org/view.php?id=CVE-2020-5197
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 5.1 hasta la versión 12.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •