CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10090
https://notcve.org/view.php?id=CVE-2020-10090
GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed. GitLab versiones anteriores a 11.7 hasta 12.8.1, permite una Divulgación de Información. Bajo determinadas condiciones grupales, la información del epic del grupo se revelaba involuntariamente. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10091
https://notcve.org/view.php?id=CVE-2020-10091
GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types. GitLab versiones anteriores a 9.3 hasta 12.8.1, permite un ataque de tipo XSS. Se encontró una vulnerabilidad de tipo cross-site scripting en una vista particular relacionada con la integración de Grafana. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10092
https://notcve.org/view.php?id=CVE-2020-10092
GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration. GitLab versiones 12.1 hasta 12.8.1, permite un ataque de tipo XSS. Una vulnerabilidad de tipo cross-site scripting estaba presente en una vista particular relacionada con la integración de Grafana. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8113
https://notcve.org/view.php?id=CVE-2020-8113
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. GitLab versiones 10.7 hasta 12.7.2, presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/31599 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-12825
https://notcve.org/view.php?id=CVE-2019-12825
Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo. Se detectó un Acceso no Autorizado en Container Registry de otros grupos en GitLab Enterprise versión 12.0.0-pre. • https://about.gitlab.com/blog/categories/releases https://atomic111.github.io/article/gitlab-Unauthorized-Access-to-Container-Registry • CWE-922: Insecure Storage of Sensitive Information •