CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-5486
https://notcve.org/view.php?id=CVE-2019-5486
A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements. Se presenta una vulnerabilidad de omisión de autenticación en GitLab CE/EE versiones anteriores a v12.3.2, versiones anteriores a v12.2.6 y versiones anteriores a v12.1.10, en la integración de inicio de sesión de Salesforce lo que podría ser utilizado por un atacante para crear una cuenta que omitiera las restricciones de dominio y los requisitos de comprobación de correo electrónico. • https://hackerone.com/reports/617896 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-15591
https://notcve.org/view.php?id=CVE-2019-15591
An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled. Se presenta una vulnerabilidad de control de acceso inapropiado en GitLab versiones anteriores a 12.3.3 lo que permite a un atacante obtener informes de escaneo de contenedores y dependencias por medio del widget de petición de fusión a pesar de que las tuberías públicas estaban deshabilitadas. • https://hackerone.com/reports/676976 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18447
https://notcve.org/view.php?id=CVE-2019-18447
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 12.4. Posee Permisos No Seguros. • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released https://about.gitlab.com/blog/categories/releases • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18448
https://notcve.org/view.php?id=CVE-2019-18448
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Incorrect Access Control. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 12.4. Posee un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released https://about.gitlab.com/blog/categories/releases •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18449
https://notcve.org/view.php?id=CVE-2019-18449
An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2). Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 12.4, en la funcionalidad autocomplete. Posee Permisos No Seguros (problema 2 de 2). • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released https://about.gitlab.com/blog/categories/releases • CWE-732: Incorrect Permission Assignment for Critical Resource •