CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-7973
https://notcve.org/view.php?id=CVE-2020-7973
05 Feb 2020 — GitLab through 12.7.2 allows XSS. GitLab versiones hasta 12.7.2, permite un ataque de tipo XSS. • https://about.gitlab.com/blog/categories/releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7974
https://notcve.org/view.php?id=CVE-2020-7974
05 Feb 2020 — GitLab EE 10.1 through 12.7.2 allows Information Disclosure. GitLab EE versiones 10.1 hasta 12.7.2, permite una Divulgación de Información. • https://about.gitlab.com/blog/categories/releases •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7977
https://notcve.org/view.php?id=CVE-2020-7977
05 Feb 2020 — GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. GitLab EE versiones 8.8 y posteriores hasta 12.7.2, presenta Permisos No Seguros. • https://about.gitlab.com/blog/categories/releases • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7979
https://notcve.org/view.php?id=CVE-2020-7979
05 Feb 2020 — GitLab EE 8.9 and later through 12.7.2 has Insecure Permission GitLab EE versiones 8.9 y posteriores hasta 12.7.2, presenta Permisos No Seguros. • https://about.gitlab.com/blog/categories/releases • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8114
https://notcve.org/view.php?id=CVE-2020-8114
05 Feb 2020 — GitLab EE 8.9 and later through 12.7.2 has Insecure Permission GitLab EE versiones 8.9 y posteriores hasta 12.7.2, presenta Permisos No Seguros. • https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-5470
https://notcve.org/view.php?id=CVE-2019-5470
28 Jan 2020 — An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information. Se detectó un problema de divulgación de información en GitLab versiones anteriores a 12.1.2, versiones anteriores a 12.0.4 y versiones anteriores a 11.11.6, en el panel de seguridad que podría resultar en la divulgación de la información de retroalimentación de la vulnerabilidad. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5465
https://notcve.org/view.php?id=CVE-2019-5465
28 Jan 2020 — An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. Se detectó un problema de divulgación de información en GitLab CE/EE versiones 8.14 y posteriores, mediante el uso de la funcionalidad move issue lo que podría resultar en la divulgación del ID de un problema creado recientemente. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5464
https://notcve.org/view.php?id=CVE-2019-5464
28 Jan 2020 — A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. Se detectó un problema de fallo de protección de un reenlace de DNS en GitLab CE/EE versiones 10.2 y posteriores, en el archivo "url_blocker.rb" que podría resultar en vulnerabilidad de tipo SSRF donde la biblioteca es utilizada. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-20: Improper Input Validation CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5462
https://notcve.org/view.php?id=CVE-2019-5462
28 Jan 2020 — A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. Se detectó un problema de escalada de privilegios en GitLab CE/EE versiones 9.0 y posteriores, cuando los tokens de activación no son rotados una vez que la propiedad de ellos ha cambiado. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-613: Insufficient Session Expiration •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20144
https://notcve.org/view.php?id=CVE-2019-20144
13 Jan 2020 — An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 10.8 hasta la versión 12.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases •