CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15590
https://notcve.org/view.php?id=CVE-2019-15590
28 Jan 2020 — An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration Se presenta un problema de control de acceso en versiones anteriores a 12.3.5, versiones anteriores a 12.2.8 y versiones anteriores a 12.1.14 para GitLab Community Edition (CE) y Enterprise Edition (EE), donde las peticiones y problemas de fusión privada ... • https://about.gitlab.com/releases/2019/10/07/security-release-gitlab-12-dot-3-dot-5-released • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-5474
https://notcve.org/view.php?id=CVE-2019-5474
28 Jan 2020 — An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions. Se detectó un problema de autorización en GitLab EE versiones anteriores a 12.1.2, versiones anteriores a 12.0.4 y versiones anteriores a 11.11.6, permitiendo que las reglas de aprobación de petición de fusión sea anuladas sin los permisos apropiados. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15583
https://notcve.org/view.php?id=CVE-2019-15583
28 Jan 2020 — An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API. Se presenta una divulgación de información en versiones anteriores a 12.3.2, versiones anteriores a 12.2.6 y versiones anteriores a 12.1.12 para GitLab Community Edition (CE) y Enterprise Edition (EE). Cuando... • https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15585
https://notcve.org/view.php?id=CVE-2019-15585
28 Jan 2020 — Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account. Se presenta una autenticación inapropiada en versiones anteriores a 12.3.2, versiones anteriores a 12.2.6 y versiones anteriores a 12.1.12 para GitLab Community Edition (CE) y Enterprise Edition (EE), en la integración GitLab SAML se presenta un problema de comprob... • https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15586
https://notcve.org/view.php?id=CVE-2019-15586
28 Jan 2020 — A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. Se presenta una vulnerabilidad de tipo XSS en Gitlab CE/EE versiones anteriores a 12.1.10, en el complemento Mermaid. • https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20144
https://notcve.org/view.php?id=CVE-2019-20144
13 Jan 2020 — An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 10.8 hasta la versión 12.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20145
https://notcve.org/view.php?id=CVE-2019-20145
13 Jan 2020 — An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 11.4 hasta la versión 12.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20146
https://notcve.org/view.php?id=CVE-2019-20146
13 Jan 2020 — An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 11.0 hasta la versión 12.6. Permite un Consumo No Controlado de Recursos. • https://about.gitlab.com/blog/categories/releases • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20147
https://notcve.org/view.php?id=CVE-2019-20147
13 Jan 2020 — An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 9.1 hasta la versión 12.6.1. tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20148
https://notcve.org/view.php?id=CVE-2019-20148
13 Jan 2020 — An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 8.13 hasta la versión 12.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases •