CVE-2019-12428
https://notcve.org/view.php?id=CVE-2019-12428
An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization. Se detectó un problema en GitLab Community and Enterprise Edition versiones 6.8 hasta 11.11. Tiene una Autorización Inapropiada. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released •
CVE-2020-8113
https://notcve.org/view.php?id=CVE-2020-8113
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. GitLab versiones 10.7 hasta 12.7.2, presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/31599 • CWE-269: Improper Privilege Management •
CVE-2019-15592
https://notcve.org/view.php?id=CVE-2019-15592
GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline. GitLab versiones 12.2.2 y por debajo, contienen una vulnerabilidad de seguridad que permite a un usuario invitado en un proyecto privado visualizar el ID de la petición de combinación asociada a un problema por medio de la línea de tiempo de la actividad. • https://about.gitlab.com/releases/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://hackerone.com/reports/588876 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-6833
https://notcve.org/view.php?id=CVE-2020-6833
An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. Se detectó un problema en GitLab EE versiones 11.3 y posteriores. Una omisión de GitLab Workhorse podría conllevar a una divulgación de paquetes y archivos mediante el tráfico no autorizado de peticiones. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released •
CVE-2020-7968
https://notcve.org/view.php?id=CVE-2020-7968
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. GitLab EE versiones 8.0 hasta 12.7.2, presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released • CWE-862: Missing Authorization •