CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13006
https://notcve.org/view.php?id=CVE-2019-13006
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 9.0 and through 12.0.2. Users with access to issues, but not the repository were able to view the number of related merge requests on an issue. It has Incorrect Access Control. Se detectó un problema en GitLab Community and Enterprise Edition versiones 9.0 hasta 12.0.2. Los usuarios con acceso a problemas, pero no el repositorio pudieron visualizar la cantidad de peticiones de fusión relacionadas en un problema. • https://about.gitlab.com/blog/categories/releases •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13005
https://notcve.org/view.php?id=CVE-2019-13005
10 Mar 2020 — An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control. Se detectó un problema en GitLab Enterprise Edition and Community Edition versiones 1.10 hasta 12.0.2. El servicio graphql de GitLab era vulnerable a múltiples problemas de autorización que revelaban metadatos restringidos... • https://about.gitlab.com/blog/categories/releases •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13004
https://notcve.org/view.php?id=CVE-2019-13004
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. When specific encoded characters were added to comments, the comments section would become inaccessible. It has Incorrect Access Control (issue 1 of 2). Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.10 hasta 12.0.2. Cuando fueron agregados caracteres codificados específicos a los comentarios, la sección de comentarios se volvería inaccesible. tiene un Control de Acceso Incorrecto (proble... • https://about.gitlab.com/blog/categories/releases •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13003
https://notcve.org/view.php?id=CVE-2019-13003
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a la versión 12.0.3. Uno de los analizadores usados por Gilab CI era vulnerable a un ataque de agotamiento de recursos. • https://about.gitlab.com/blog/categories/releases • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13002
https://notcve.org/view.php?id=CVE-2019-13002
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.10 hasta 12.0.2. Usuarios no autorizados fueron capaces de leer información de la tubería de la última petición de fusión. • https://about.gitlab.com/blog/categories/releases •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13001
https://notcve.org/view.php?id=CVE-2019-13001
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.9 y posteriores hasta 12.0.2. GitLab Snippets eran vulnerables a un problema de autorización que permitía a usuarios no autorizados agregar comentarios a un fragmento privado... • https://about.gitlab.com/blog/categories/releases • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12446
https://notcve.org/view.php?id=CVE-2019-12446
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message. Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.3 hasta 11.11. Permite una Exposición de la Información por medio de un Mensaje de Error. • https://about.gitlab.com/blog/categories/releases • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12445
https://notcve.org/view.php?id=CVE-2019-12445
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS. Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.4 hasta 11.11. Un usuario malicioso podría ejecutar código JavaScript en unas notas al importar un archivo de proyecto especialmente diseñado. • https://about.gitlab.com/blog/categories/releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12444
https://notcve.org/view.php?id=CVE-2019-12444
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability. Se ha detectado un problema en GitLab Community and Enterprise Edition versiones 8.9 hasta 11.11. Unas Páginas Wiki contenían una falta de comprobación de entrada que resultó en una vulnerabilidad de tipo XSS persistente. • https://about.gitlab.com/blog/categories/releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12443
https://notcve.org/view.php?id=CVE-2019-12443
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks. Se detectó un problema en GitLab Community and Enterprise Edition versiones 10.2 hasta 11.11. Múltiples funcionalidades contenían vulnerabilidades de tipo Server-Side Request Forgery (SSRF) causadas por una comprobación insuficiente para impedir ataques de tipo DNS rebinding... • https://about.gitlab.com/blog/categories/releases • CWE-918: Server-Side Request Forgery (SSRF) •