CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2019-19628
https://notcve.org/view.php?id=CVE-2019-19628
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. En GitLab EE versiones 11.3 hasta 12.5.3, 12.4.5 y 12.3.8, un saneamiento de parámetro insuficiente para el registro del paquete Maven podría derivar a una escalada de privilegios y vulnerabilidades de ejecución de código remota bajo determinadas condiciones. • https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released https://about.gitlab.com/blog/categories/releases • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19314
https://notcve.org/view.php?id=CVE-2019-19314
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext. GitLab EE versiones 8.4 hasta 12.5, 12.4.3 y 12.3.6, almacenaron varios tokens en texto plano. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/32381 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19312
https://notcve.org/view.php?id=CVE-2019-19312
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API. GitLab EE versiones 8.14 hasta las versiones 12.5, 12.4.3 y 12.3.6, tiene un Control de Acceso Incorrecto. Después de que un proyecto cambió a privado, los repositorios previamente bifurcados podían aún ser capaces de obtener información sobre el proyecto privado mediante la API. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/28802 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19310
https://notcve.org/view.php?id=CVE-2019-19310
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. GitLab Enterprise Edition (EE) versiones 9.0 y posteriores hasta la versión 12.5, permite una Divulgación de Información. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19309
https://notcve.org/view.php?id=CVE-2019-19309
GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control. GitLab Enterprise Edition (EE) versiones 8.90 y posteriores hasta la versión 12.5, tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases •