CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-11649
https://notcve.org/view.php?id=CVE-2020-11649
22 Apr 2020 — An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted. Se descubrió un problema en GitLab CE and EE versiones 8.15 hasta la versión 12.9.2. Los miembros de un grupo aún podrían tener acceso después de que se elimine el grupo. • https://about.gitlab.com/blog/categories/releases • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-11506
https://notcve.org/view.php?id=CVE-2020-11506
22 Apr 2020 — An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling. Se descubrió un problema en GitLab versiones 10.7.0 y posteriores hasta la versión 12.9.2. Una omisión de Workhorse podría conllevar a una carga de artefactos de trabajo y una divulgación de archivos (Exposición de información confidencial) por medio del tráfico no autorizado de peticiones. • https://about.gitlab.com/blog/categories/releases • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-11505
https://notcve.org/view.php?id=CVE-2020-11505
22 Apr 2020 — An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones anteriores a la versión 12.7.9, versiones 12.8.x anteriores a la versión 12.8.9 y versiones 12.9.x anteriores a la versión 12.9.3. Una omisión... • https://about.gitlab.com/blog/categories/releases • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10952
https://notcve.org/view.php?id=CVE-2020-10952
27 Mar 2020 — GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. GitLab EE/CE versiones 8.11 hasta 12.9.1, permite a usuarios bloqueados extraer y empujar imágenes de docker. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-10955 – Debian Security Advisory 4691-1
https://notcve.org/view.php?id=CVE-2020-10955
27 Mar 2020 — GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. GitLab EE/CE versiones 11.1 hasta 12.9, es vulnerable a una manipulación de parámetros en una funcionalidad de carga que permite a un usuario no autorizado leer el contenido disponible bajo carpetas específicas. Two vulnerabiliites have been discovered in PDNS Recursor, a resolving name server; a traffic amplification attack against third... • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10956
https://notcve.org/view.php?id=CVE-2020-10956
27 Mar 2020 — GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. GitLab versiones 8.10 y posteriores a 12.9, es vulnerable a un ataque de tipo SSRF en una funcionalidad de nota de importación de proyecto. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released • CWE-918: Server-Side Request Forgery (SSRF) •