CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10090
https://notcve.org/view.php?id=CVE-2020-10090
13 Mar 2020 — GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed. GitLab versiones anteriores a 11.7 hasta 12.8.1, permite una Divulgación de Información. Bajo determinadas condiciones grupales, la información del epic del grupo se revelaba involuntariamente. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10091
https://notcve.org/view.php?id=CVE-2020-10091
13 Mar 2020 — GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types. GitLab versiones anteriores a 9.3 hasta 12.8.1, permite un ataque de tipo XSS. Se encontró una vulnerabilidad de tipo cross-site scripting en una vista particular relacionada con la integración de Grafana. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10092
https://notcve.org/view.php?id=CVE-2020-10092
13 Mar 2020 — GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration. GitLab versiones 12.1 hasta 12.8.1, permite un ataque de tipo XSS. Una vulnerabilidad de tipo cross-site scripting estaba presente en una vista particular relacionada con la integración de Grafana. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10535
https://notcve.org/view.php?id=CVE-2020-10535
12 Mar 2020 — GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address. GitLab versiones 12.8.x anteriores a la versión 12.8.6, cuando el registro está habilitado, permite a atacantes remotos omitir las restricciones del dominio de correo electrónico dentro del período de gracia de dos días para una dirección de correo electrónico no confirmada. • https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13121
https://notcve.org/view.php?id=CVE-2019-13121
10 Mar 2020 — An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control. Se detectó un problema en GitLab Enterprise Edition versiones 10.6 hasta la versión 12.0.2. La integración del proyecto de GitHub era vulnerable a una vulnerabilidad de tipo SSRF que permitía a un atacante realizar peticiones a recursos de red local. • https://about.gitlab.com/blog/categories/releases • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13011
https://notcve.org/view.php?id=CVE-2019-13011
10 Mar 2020 — An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not it's repository could create a list of merge requests template names. It has excessive algorithmic complexity. Se detectó un problema en GitLab Enterprise Edition versiones 8.11.0 hasta la versión 12.0.2. Mediante el uso de fuerza bruta, un usuario con acceso a un proyecto, pero no a su repositorio, podría crear una lista de nombres de plantillas de peticiones de fusión. • https://about.gitlab.com/blog/categories/releases • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13010
https://notcve.org/view.php?id=CVE-2019-13010
10 Mar 2020 — An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It allows Uncontrolled Resource Consumption. Se descubrió un problema en GitLab Enterprise Edition 8.3 a 12.0.2. El decodificador de códigos de color era vulnerable a un ataque de agotamiento de recursos si se usaban formatos específicos. • https://about.gitlab.com/blog/categories/releases •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13009
https://notcve.org/view.php?id=CVE-2019-13009
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control. Se descubrió un problema en GitLab Community and Enterprise Edition 9.2 a 12.0.2. Los archivos cargados asociados con fragmentos personales no guardados eran accesibles para usuarios no autorizados debido a la configuración incorrecta de permisos. • https://about.gitlab.com/blog/categories/releases • CWE-400: Uncontrolled Resource Consumption CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13007
https://notcve.org/view.php?id=CVE-2019-13007
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.11 hasta la versión 12.0.2. Cuando un administrador habilitó una de las plantillas de servicio, estaba activando una acción que conlleva al agotamiento de los recursos. • https://about.gitlab.com/blog/categories/releases • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13006
https://notcve.org/view.php?id=CVE-2019-13006
10 Mar 2020 — An issue was discovered in GitLab Community and Enterprise Edition 9.0 and through 12.0.2. Users with access to issues, but not the repository were able to view the number of related merge requests on an issue. It has Incorrect Access Control. Se detectó un problema en GitLab Community and Enterprise Edition versiones 9.0 hasta 12.0.2. Los usuarios con acceso a problemas, pero no el repositorio pudieron visualizar la cantidad de peticiones de fusión relacionadas en un problema. • https://about.gitlab.com/blog/categories/releases •