CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10980
https://notcve.org/view.php?id=CVE-2020-10980
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. GitLab EE/CE versiones 8.0.rc1 hasta 12.9, es vulnerable a un ataque de tipo SSRF ciego en la integración de FogBugz. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released https://about.gitlab.com/releases/categories/releases • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10954
https://notcve.org/view.php?id=CVE-2020-10954
GitLab through 12.9 is affected by a potential DoS in repository archive download. GitLab versiones hasta 12.9, está afectado por una DoS potencial en una descarga de archivo del repositorio. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released https://about.gitlab.com/releases/categories/releases • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10956
https://notcve.org/view.php?id=CVE-2020-10956
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. GitLab versiones 8.10 y posteriores a 12.9, es vulnerable a un ataque de tipo SSRF en una funcionalidad de nota de importación de proyecto. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released https://about.gitlab.com/releases/categories/releases • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10077
https://notcve.org/view.php?id=CVE-2020-10077
GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. GitLab EE versiones 3.0 hasta 12.8.1, permite un ataque de tipo SSRF. Una investigación interna reveló que un servicio obsoleto en particular estaba creando un riesgo de falsificación de petición del lado del servidor. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10079
https://notcve.org/view.php?id=CVE-2020-10079
GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required. GitLab versiones 7.10 hasta 12.8.1, presenta un Control de Acceso Incorrecto. En determinadas condiciones donde los usuarios debieron haber sido requeridos para configurar la autenticación de 2 factores, no habían sido requeridos. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html • CWE-306: Missing Authentication for Critical Function •