CVE-2020-10955
https://notcve.org/view.php?id=CVE-2020-10955
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. GitLab EE/CE versiones 11.1 hasta 12.9, es vulnerable a una manipulación de parámetros en una funcionalidad de carga que permite a un usuario no autorizado leer el contenido disponible bajo carpetas específicas. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released https://about.gitlab.com/releases/categories/releases https://www.debian.org/security/2020/dsa-4691 • CWE-862: Missing Authorization •
CVE-2020-10956
https://notcve.org/view.php?id=CVE-2020-10956
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. GitLab versiones 8.10 y posteriores a 12.9, es vulnerable a un ataque de tipo SSRF en una funcionalidad de nota de importación de proyecto. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released https://about.gitlab.com/releases/categories/releases • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2020-10074
https://notcve.org/view.php?id=CVE-2020-10074
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link. GitLab versiones 10.1 hasta 12.8.1, presenta un Control de Acceso Incorrecto. Se detectó un escenario en el cual una cuenta de GitLab podría ser controlada por medio de un enlace expirado. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html •
CVE-2020-10077
https://notcve.org/view.php?id=CVE-2020-10077
GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. GitLab EE versiones 3.0 hasta 12.8.1, permite un ataque de tipo SSRF. Una investigación interna reveló que un servicio obsoleto en particular estaba creando un riesgo de falsificación de petición del lado del servidor. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2020-10079
https://notcve.org/view.php?id=CVE-2020-10079
GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required. GitLab versiones 7.10 hasta 12.8.1, presenta un Control de Acceso Incorrecto. En determinadas condiciones donde los usuarios debieron haber sido requeridos para configurar la autenticación de 2 factores, no habían sido requeridos. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html • CWE-306: Missing Authentication for Critical Function •