CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7979
https://notcve.org/view.php?id=CVE-2020-7979
05 Feb 2020 — GitLab EE 8.9 and later through 12.7.2 has Insecure Permission GitLab EE versiones 8.9 y posteriores hasta 12.7.2, presenta Permisos No Seguros. • https://about.gitlab.com/blog/categories/releases • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8114
https://notcve.org/view.php?id=CVE-2020-8114
05 Feb 2020 — GitLab EE 8.9 and later through 12.7.2 has Insecure Permission GitLab EE versiones 8.9 y posteriores hasta 12.7.2, presenta Permisos No Seguros. • https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-5470
https://notcve.org/view.php?id=CVE-2019-5470
28 Jan 2020 — An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information. Se detectó un problema de divulgación de información en GitLab versiones anteriores a 12.1.2, versiones anteriores a 12.0.4 y versiones anteriores a 11.11.6, en el panel de seguridad que podría resultar en la divulgación de la información de retroalimentación de la vulnerabilidad. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5466
https://notcve.org/view.php?id=CVE-2019-5466
28 Jan 2020 — An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names. Se detectó un IDOR en GitLab CE/EE versiones 11.5 y posteriores, que permitía nuevos endpoints de peticiones de fusión para revelar nombres de etiquetas. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-5474
https://notcve.org/view.php?id=CVE-2019-5474
28 Jan 2020 — An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions. Se detectó un problema de autorización en GitLab EE versiones anteriores a 12.1.2, versiones anteriores a 12.0.4 y versiones anteriores a 11.11.6, permitiendo que las reglas de aprobación de petición de fusión sea anuladas sin los permisos apropiados. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5465
https://notcve.org/view.php?id=CVE-2019-5465
28 Jan 2020 — An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. Se detectó un problema de divulgación de información en GitLab CE/EE versiones 8.14 y posteriores, mediante el uso de la funcionalidad move issue lo que podría resultar en la divulgación del ID de un problema creado recientemente. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5464
https://notcve.org/view.php?id=CVE-2019-5464
28 Jan 2020 — A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. Se detectó un problema de fallo de protección de un reenlace de DNS en GitLab CE/EE versiones 10.2 y posteriores, en el archivo "url_blocker.rb" que podría resultar en vulnerabilidad de tipo SSRF donde la biblioteca es utilizada. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-20: Improper Input Validation CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5462
https://notcve.org/view.php?id=CVE-2019-5462
28 Jan 2020 — A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. Se detectó un problema de escalada de privilegios en GitLab CE/EE versiones 9.0 y posteriores, cuando los tokens de activación no son rotados una vez que la propiedad de ellos ha cambiado. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-613: Insufficient Session Expiration •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20144
https://notcve.org/view.php?id=CVE-2019-20144
13 Jan 2020 — An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 10.8 hasta la versión 12.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20145
https://notcve.org/view.php?id=CVE-2019-20145
13 Jan 2020 — An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 11.4 hasta la versión 12.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases •