CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10113
https://notcve.org/view.php?id=CVE-2019-10113
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects/<id>/languages requests may allow Uncontrolled Resource Consumption. Fue encontrado un problema en GitLab Community and Enterprise Edition anterior de la versión 11.7.8, versión 11.8.x anterior de 11.8.4 y versión 11.9.x anterior de 11.9.2. El realizar solicitudes concurrentes GET/api/v4/projects//languages puede permitir el Consumo de recursos no controlado. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ce/issues/54977 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10111
https://notcve.org/view.php?id=CVE-2019-10111
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page. Se descubrió un problermaff en GitLab Community and Enterprise Edition anterior a la versión 11.7.8, versión 11.8.x anterior a la 11.8.4 y versión 11.9.x anterior a la 11.9.2. Permite XSS continuo en la página de solicitud de fusión "resolve conflicts". • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ce/issues/56927 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10110
https://notcve.org/view.php?id=CVE-2019-10110
An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on any GitLab instance on which they hold credentials. Se detecto un problema de permisos no seguros en GitLab Community and Enterprise Edition anterior 11.7.8, 11.8.x anterior 11.8.4, y anterior 11.9.2. La función "move issue" puede permitir a un usuario crear proyectos bajo cualquier espacio de nombres en cualquier instancia de GitLab en el que tienen credenciales. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ce/issues/56865 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 2CVE-2019-10109
https://notcve.org/view.php?id=CVE-2019-10109
An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present). Se descubrió un problema de exposición a la información ( problema 1 de 2) en GitLab Community and Enterprise Edition antes de 11.7.8, 11.8.x antes de 11.8.4 y 11.9.x antes de 11.9.2. Los datos de geolocalización EXIF no se eliminaron de las imágenes cuando se cargaron en GitLab. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ce/issues/54220 https://gitlab.com/gitlab-org/gitlab-ce/issues/55469 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10108
https://notcve.org/view.php?id=CVE-2019-10108
An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels. Un control de acceso incorrecto ( problema 1 de 2) fue descubierto en GitLab Community and Enterprise Edition anterior 11.7.8, 11.8.x anterior 11.8.4, and 11.9.x anterior 11.9.2, esto permitió a los no miembros de un grupo o proyecto privado añadir y leer etiquetas. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ce/issues/56985 • CWE-639: Authorization Bypass Through User-Controlled Key •