CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10091
https://notcve.org/view.php?id=CVE-2020-10091
13 Mar 2020 — GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types. GitLab versiones anteriores a 9.3 hasta 12.8.1, permite un ataque de tipo XSS. Se encontró una vulnerabilidad de tipo cross-site scripting en una vista particular relacionada con la integración de Grafana. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10092
https://notcve.org/view.php?id=CVE-2020-10092
13 Mar 2020 — GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration. GitLab versiones 12.1 hasta 12.8.1, permite un ataque de tipo XSS. Una vulnerabilidad de tipo cross-site scripting estaba presente en una vista particular relacionada con la integración de Grafana. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8113
https://notcve.org/view.php?id=CVE-2020-8113
06 Mar 2020 — GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. GitLab versiones 10.7 hasta 12.7.2, presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-12825
https://notcve.org/view.php?id=CVE-2019-12825
17 Feb 2020 — Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo. Se detectó un Acceso no Autorizado en Container Registry de otros grupos en GitLab Enterpris... • https://about.gitlab.com/blog/categories/releases • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-6833
https://notcve.org/view.php?id=CVE-2020-6833
05 Feb 2020 — An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. Se detectó un problema en GitLab EE versiones 11.3 y posteriores. Una omisión de GitLab Workhorse podría conllevar a una divulgación de paquetes y archivos mediante el tráfico no autorizado de peticiones. • https://about.gitlab.com/blog/categories/releases •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7966
https://notcve.org/view.php?id=CVE-2020-7966
05 Feb 2020 — GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. GitLab EE versiones 11.11 y posteriores hasta 12.7.2, permite un Salto de Directorio. • https://about.gitlab.com/blog/categories/releases • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7967
https://notcve.org/view.php?id=CVE-2020-7967
05 Feb 2020 — GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). GitLab EE versiones 8.0 hasta 12.7.2, presenta Permisos No Seguros (problema 1 de 2). • https://about.gitlab.com/blog/categories/releases • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-7968
https://notcve.org/view.php?id=CVE-2020-7968
05 Feb 2020 — GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. GitLab EE versiones 8.0 hasta 12.7.2, presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7969
https://notcve.org/view.php?id=CVE-2020-7969
05 Feb 2020 — GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. GitLab EE versiones 8.0 y posteriores hasta 12.7.2, permite una Divulgación de Información. • https://about.gitlab.com/blog/categories/releases •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-7971
https://notcve.org/view.php?id=CVE-2020-7971
05 Feb 2020 — GitLab EE 11.0 and later through 12.7.2 allows XSS. GitLab EE versiones 11.0 y posteriores hasta 12.7.2, permite un ataque de tipo XSS. • https://about.gitlab.com/blog/categories/releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •