CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13009
https://notcve.org/view.php?id=CVE-2019-13009
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control. Se descubrió un problema en GitLab Community and Enterprise Edition 9.2 a 12.0.2. Los archivos cargados asociados con fragmentos personales no guardados eran accesibles para usuarios no autorizados debido a la configuración incorrecta de permisos. • https://about.gitlab.com/blog/categories/releases • CWE-400: Uncontrolled Resource Consumption CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13007
https://notcve.org/view.php?id=CVE-2019-13007
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.11 hasta la versión 12.0.2. Cuando un administrador habilitó una de las plantillas de servicio, estaba activando una acción que conlleva al agotamiento de los recursos. • https://about.gitlab.com/blog/categories/releases • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13006
https://notcve.org/view.php?id=CVE-2019-13006
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 9.0 and through 12.0.2. Users with access to issues, but not the repository were able to view the number of related merge requests on an issue. It has Incorrect Access Control. Se detectó un problema en GitLab Community and Enterprise Edition versiones 9.0 hasta 12.0.2. Los usuarios con acceso a problemas, pero no el repositorio pudieron visualizar la cantidad de peticiones de fusión relacionadas en un problema. • https://about.gitlab.com/blog/categories/releases •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13005
https://notcve.org/view.php?id=CVE-2019-13005
10 Mar 2020 — An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control. Se detectó un problema en GitLab Enterprise Edition and Community Edition versiones 1.10 hasta 12.0.2. El servicio graphql de GitLab era vulnerable a múltiples problemas de autorización que revelaban metadatos restringidos... • https://about.gitlab.com/blog/categories/releases •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13004
https://notcve.org/view.php?id=CVE-2019-13004
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. When specific encoded characters were added to comments, the comments section would become inaccessible. It has Incorrect Access Control (issue 1 of 2). Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.10 hasta 12.0.2. Cuando fueron agregados caracteres codificados específicos a los comentarios, la sección de comentarios se volvería inaccesible. tiene un Control de Acceso Incorrecto (proble... • https://about.gitlab.com/blog/categories/releases •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13003
https://notcve.org/view.php?id=CVE-2019-13003
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a la versión 12.0.3. Uno de los analizadores usados por Gilab CI era vulnerable a un ataque de agotamiento de recursos. • https://about.gitlab.com/blog/categories/releases • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13002
https://notcve.org/view.php?id=CVE-2019-13002
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.10 hasta 12.0.2. Usuarios no autorizados fueron capaces de leer información de la tubería de la última petición de fusión. • https://about.gitlab.com/blog/categories/releases •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13001
https://notcve.org/view.php?id=CVE-2019-13001
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.9 y posteriores hasta 12.0.2. GitLab Snippets eran vulnerables a un problema de autorización que permitía a usuarios no autorizados agregar comentarios a un fragmento privado... • https://about.gitlab.com/blog/categories/releases • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8113
https://notcve.org/view.php?id=CVE-2020-8113
06 Mar 2020 — GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. GitLab versiones 10.7 hasta 12.7.2, presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-12825
https://notcve.org/view.php?id=CVE-2019-12825
17 Feb 2020 — Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo. Se detectó un Acceso no Autorizado en Container Registry de otros grupos en GitLab Enterpris... • https://about.gitlab.com/blog/categories/releases • CWE-922: Insecure Storage of Sensitive Information •