CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19314
https://notcve.org/view.php?id=CVE-2019-19314
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext. GitLab EE versiones 8.4 hasta 12.5, 12.4.3 y 12.3.6, almacenaron varios tokens en texto plano. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/32381 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19312
https://notcve.org/view.php?id=CVE-2019-19312
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API. GitLab EE versiones 8.14 hasta las versiones 12.5, 12.4.3 y 12.3.6, tiene un Control de Acceso Incorrecto. Después de que un proyecto cambió a privado, los repositorios previamente bifurcados podían aún ser capaces de obtener información sobre el proyecto privado mediante la API. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/28802 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19310
https://notcve.org/view.php?id=CVE-2019-19310
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. GitLab Enterprise Edition (EE) versiones 9.0 y posteriores hasta la versión 12.5, permite una Divulgación de Información. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19309
https://notcve.org/view.php?id=CVE-2019-19309
GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control. GitLab Enterprise Edition (EE) versiones 8.90 y posteriores hasta la versión 12.5, tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19263
https://notcve.org/view.php?id=CVE-2019-19263
GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions. GitLab Enterprise Edition (EE) versiones 8.2 y posteriores hasta la versíon 12.5, tiene Permisos No Seguros. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases • CWE-732: Incorrect Permission Assignment for Critical Resource •