CVE-2019-19263
https://notcve.org/view.php?id=CVE-2019-19263
GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions. GitLab Enterprise Edition (EE) versiones 8.2 y posteriores hasta la versíon 12.5, tiene Permisos No Seguros. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-19261
https://notcve.org/view.php?id=CVE-2019-19261
GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF. GitLab Enterprise Edition (EE) versiones 6.7 y posteriores hasta la 12.5, permite un ataque de tipo SSRF. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2019-19260
https://notcve.org/view.php?id=CVE-2019-19260
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2). GitLab Community Edition (CE) and Enterprise Edition (EE) versiones hasta la versión 12.5, tiene un Control de Acceso Incorrecto (problema 2 de 2). • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases •
CVE-2019-19257
https://notcve.org/view.php?id=CVE-2019-19257
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2). GitLab Community Edition (CE) and Enterprise Edition (EE) versiones hasta la versión 12.5, tienen un Control de Acceso Incorrecto • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases •
CVE-2019-19311
https://notcve.org/view.php?id=CVE-2019-19311
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. GitLab EE versiones 8.14 hasta la versión 12.5, 12.4.3 y 12.3.6, permite un ataque de tipo XSS en los campos group y profile. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/31536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •