CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12430
https://notcve.org/view.php?id=CVE-2019-12430
An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection. Se detectó un problema en GitLab Community and Enterprise Edition versión 11.11. Permite una Inyección de Comandos. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12429
https://notcve.org/view.php?id=CVE-2019-12429
An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.9 hasta 11.11. Tiene un Control de Acceso Inapropiado. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12428
https://notcve.org/view.php?id=CVE-2019-12428
An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization. Se detectó un problema en GitLab Community and Enterprise Edition versiones 6.8 hasta 11.11. Tiene una Autorización Inapropiada. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8113
https://notcve.org/view.php?id=CVE-2020-8113
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. GitLab versiones 10.7 hasta 12.7.2, presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/31599 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15594
https://notcve.org/view.php?id=CVE-2019-15594
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. GitLab versiones 11.8 y posteriores, contiene una vulnerabilidad de seguridad que permite a un usuario obtener detalles de las tuberías restringidas por medio del endpoint de petición de combinación. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released https://hackerone.com/reports/507064 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •