CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10954
https://notcve.org/view.php?id=CVE-2020-10954
27 Mar 2020 — GitLab through 12.9 is affected by a potential DoS in repository archive download. GitLab versiones hasta 12.9, está afectado por una DoS potencial en una descarga de archivo del repositorio. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-10955
https://notcve.org/view.php?id=CVE-2020-10955
27 Mar 2020 — GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. GitLab EE/CE versiones 11.1 hasta 12.9, es vulnerable a una manipulación de parámetros en una funcionalidad de carga que permite a un usuario no autorizado leer el contenido disponible bajo carpetas específicas. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10956
https://notcve.org/view.php?id=CVE-2020-10956
27 Mar 2020 — GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. GitLab versiones 8.10 y posteriores a 12.9, es vulnerable a un ataque de tipo SSRF en una funcionalidad de nota de importación de proyecto. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10074
https://notcve.org/view.php?id=CVE-2020-10074
13 Mar 2020 — GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link. GitLab versiones 10.1 hasta 12.8.1, presenta un Control de Acceso Incorrecto. Se detectó un escenario en el cual una cuenta de GitLab podría ser controlada por medio de un enlace expirado. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10076
https://notcve.org/view.php?id=CVE-2020-10076
13 Mar 2020 — GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests. GitLab versiones 12.1 hasta 12.8.1, permite un ataque de tipo XSS. Se detectó una vulnerabilidad de tipo cross-site scripting almacenado cuando se desplegaban peticiones de fusión. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10077
https://notcve.org/view.php?id=CVE-2020-10077
13 Mar 2020 — GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. GitLab EE versiones 3.0 hasta 12.8.1, permite un ataque de tipo SSRF. Una investigación interna reveló que un servicio obsoleto en particular estaba creando un riesgo de falsificación de petición del lado del servidor. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10078
https://notcve.org/view.php?id=CVE-2020-10078
13 Mar 2020 — GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability. GitLab versiones 12.1 hasta 12.8.1, permite un ataque de tipo XSS. Se determinó que el formulario de solicitud de una petición de fusión presenta una vulnerabilidad de tipo cross-site scripting almacenado. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10079
https://notcve.org/view.php?id=CVE-2020-10079
13 Mar 2020 — GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required. GitLab versiones 7.10 hasta 12.8.1, presenta un Control de Acceso Incorrecto. En determinadas condiciones donde los usuarios debieron haber sido requeridos para configurar la autenticación de 2 factores, no habían sido requeridos. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10080
https://notcve.org/view.php?id=CVE-2020-10080
13 Mar 2020 — GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group. GitLab versiones 8.3 hasta 12.8.1, permite una Divulgación de Información. Era posible que determinados no miembros accedieran a la página Contribution Analytics de un grupo privado. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10081
https://notcve.org/view.php?id=CVE-2020-10081
13 Mar 2020 — GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user. GitLab versiones anteriores a 12.8.2, presentan un Control de Acceso Incorrecto. Se detectó internamente que el proceso de importación de LFS podría ser usado potencialmente para acceder incorrectamente a objetos LFS que no son propiedad del usuario. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released •