CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12431
https://notcve.org/view.php?id=CVE-2019-12431
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control. Se ha detectado un problema en GitLab Community and Enterprise Edition versiones 8.13 hasta 11.11. Tiene un Control de Acceso Inapropiado. • https://about.gitlab.com/blog/categories/releases •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12428
https://notcve.org/view.php?id=CVE-2019-12428
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization. Se detectó un problema en GitLab Community and Enterprise Edition versiones 6.8 hasta 11.11. Tiene una Autorización Inapropiada. • https://about.gitlab.com/blog/categories/releases •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8113
https://notcve.org/view.php?id=CVE-2020-8113
06 Mar 2020 — GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. GitLab versiones 10.7 hasta 12.7.2, presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15594
https://notcve.org/view.php?id=CVE-2019-15594
14 Feb 2020 — GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. GitLab versiones 11.8 y posteriores, contiene una vulnerabilidad de seguridad que permite a un usuario obtener detalles de las tuberías restringidas por medio del endpoint de petición de combinación. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15592
https://notcve.org/view.php?id=CVE-2019-15592
14 Feb 2020 — GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline. GitLab versiones 12.2.2 y por debajo, contienen una vulnerabilidad de seguridad que permite a un usuario invitado en un proyecto privado visualizar el ID de la petición de combinación asociada a un problema por medio de la línea de tiempo de la actividad. • https://about.gitlab.com/releases/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-6833
https://notcve.org/view.php?id=CVE-2020-6833
05 Feb 2020 — An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. Se detectó un problema en GitLab EE versiones 11.3 y posteriores. Una omisión de GitLab Workhorse podría conllevar a una divulgación de paquetes y archivos mediante el tráfico no autorizado de peticiones. • https://about.gitlab.com/blog/categories/releases •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-7968
https://notcve.org/view.php?id=CVE-2020-7968
05 Feb 2020 — GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. GitLab EE versiones 8.0 hasta 12.7.2, presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7969
https://notcve.org/view.php?id=CVE-2020-7969
05 Feb 2020 — GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. GitLab EE versiones 8.0 y posteriores hasta 12.7.2, permite una Divulgación de Información. • https://about.gitlab.com/blog/categories/releases •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7971
https://notcve.org/view.php?id=CVE-2020-7971
05 Feb 2020 — GitLab EE 11.0 and later through 12.7.2 allows XSS. GitLab EE versiones 11.0 y posteriores hasta 12.7.2, permite un ataque de tipo XSS. • https://about.gitlab.com/blog/categories/releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-7973
https://notcve.org/view.php?id=CVE-2020-7973
05 Feb 2020 — GitLab through 12.7.2 allows XSS. GitLab versiones hasta 12.7.2, permite un ataque de tipo XSS. • https://about.gitlab.com/blog/categories/releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •