CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-9756
https://notcve.org/view.php?id=CVE-2019-9756
17 Apr 2019 — An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732. Se descubrió un problema en GitLab Community and Enterprise Edition versión 10.x (a partir de 10.8) y versión 11.x anterior a 11.6.10, versión 11.7.x anterior a 11.7.6 y versión 11.8.x anterior a 11.8.1. tiene un control de acceso, una vulnerabilidad diferente a la C... • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-7155
https://notcve.org/view.php?id=CVE-2019-7155
16 Apr 2019 — An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. A user retains their role within a project in a private group after being removed from the group, if their privileges within the project are different from the group. Se detectó un problema en GitLab Community and Enterprise Edition versiones 9.x, 10.x, y 11.x en versiones anteriores a la 11.5.8, 11.6.x en versiones anteriores ... • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-6796
https://notcve.org/view.php?id=CVE-2019-6796
11 Apr 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS. Se detecto un problema en GitLab Community and Enterprise Edition anterior a versión 11.5.8, versión 11.6.x anterior a 11.6.6 y versión 11.7.x anterior a 11.7.1. Permite una vulnerabilidad de tipo XSS (problema 2 de 2). • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-20229
https://notcve.org/view.php?id=CVE-2018-20229
04 Apr 2019 — GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal. GitLab Community and Enterprise Edition, en versiones anteriores a la 11.3.14, las 11.4.x en versiones anteriores a la 11.4.12 y las 11.5.x en versiones anteriores a la 11.5.5 permite saltos de directorio. • https://about.gitlab.com/2018/12/20/critical-security-release-gitlab-11-dot-5-dot-5-released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-20144
https://notcve.org/view.php?id=CVE-2018-20144
28 Mar 2019 — GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control. GitLab Community and Enterprise Edition, en las versiones 11.x anteriores a la 11.3.13 y en las 11.4.x anteriores a la 11.4.11 y en las 11.5.x anteriores a la 11.5.4, tiene un control de acceso incorrecto. • https://about.gitlab.com/2018/12/13/critical-security-release-gitlab-11-dot-5-dot-4-released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-19856
https://notcve.org/view.php?id=CVE-2018-19856
26 Mar 2019 — GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API. GitLab CE/EE, en versiones anteriores a la 11.3.12, versiones 11.4.x anteriores a la 11.4.10 y versiones 11.5.x anteriores a la 11.5.3, permite el salto de directorio en la API de plantillas. • https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6240
https://notcve.org/view.php?id=CVE-2019-6240
25 Mar 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal. Se ha descubierto un problema en GitLab Community y Enterprise Edition en versiones anteriores a la 11.14. Permite el salto de directorio. • https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-17939
https://notcve.org/view.php?id=CVE-2018-17939
04 Dec 2018 — An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones 11.1.x anteriores a la 11.1.8, versiones 11.2.x anteriores a la 11.2.5 y versiones 11.3.x anteriores a la 11.3.2. Hay una exposición de información mediante el endpoint de petición JSON "merge". • https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2018-17975
https://notcve.org/view.php?id=CVE-2018-17975
04 Dec 2018 — An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API. Se ha descubierto un problema en la edición Community de GitLab, en versiones 11.1.x anteriores a la 11.1.8, versiones 11.2.x anteriores a la 11.2.5 y versiones 11.3.x anteriores a la 11.3.2. Hay una exposición de información mediante la API de marcado GFM. • https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17976
https://notcve.org/view.php?id=CVE-2018-17976
04 Dec 2018 — An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions. Se ha descubierto un problema en la edición Community de GitLab, en versiones 11.1.x anteriores a la 11.1.8, versiones 11.2.x anteriores a la 11.2.5 y versiones 11.3.x anteriores a la 11.3.2. Hay una exposición de información mediante las descripciones de cambios Epic. • https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •