CVE-2019-19086
https://notcve.org/view.php?id=CVE-2019-19086
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). Gitlab Enterprise Edition (EE) versiones anteriores a la versíon 12.5.1, tiene Permisos No Seguros (problema 1 de 2). • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-19311
https://notcve.org/view.php?id=CVE-2019-19311
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. GitLab EE versiones 8.14 hasta la versión 12.5, 12.4.3 y 12.3.6, permite un ataque de tipo XSS en los campos group y profile. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/31536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-20497
https://notcve.org/view.php?id=CVE-2018-20497
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF. Se descubrió un problema en GitLab Community and Enterprise Edition versiones anteriores a la versión 11.4.13, versiones 11.5.x anteriores a la versión 11.5.6 y versiones 11.6.x anteriores a la versión 11.6.1. Permite un ataque de tipo SSRF. • https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/51327 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2018-20488
https://notcve.org/view.php?id=CVE-2018-20488
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. Se descubrió un problema en GitLab Community and Enterprise Edition versiones anteriores a la versión 11.4.13, versiones 11.5.x anteriores a la versión 11.5.6 y versiones 11.6.x anteriores a la versión 11.6.1. Permite una Exposición de Información. • https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/53477 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-20494
https://notcve.org/view.php?id=CVE-2018-20494
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community and Enterprise Edition versiones anteriores a la versión 11.4.13, versiones 11.5.x anteriores a la versión 11.5.6 y versiones 11.6.x anteriores a la versión 11.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/54334 • CWE-863: Incorrect Authorization •