CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19086
https://notcve.org/view.php?id=CVE-2019-19086
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). Gitlab Enterprise Edition (EE) versiones anteriores a la versíon 12.5.1, tiene Permisos No Seguros (problema 1 de 2). • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19311
https://notcve.org/view.php?id=CVE-2019-19311
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. GitLab EE versiones 8.14 hasta la versión 12.5, 12.4.3 y 12.3.6, permite un ataque de tipo XSS en los campos group y profile. • https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/31536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-15584
https://notcve.org/view.php?id=CVE-2019-15584
A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page. Se presenta una denegación de servicio en gitlab versiones anteriores a v12.3.2, versiones anteriores a v12.2.6 y versiones anteriores a v12.1.10, que permitiría a un atacante omitir la comprobación de entrada en los campos markdown para suspender la página afectada. • https://hackerone.com/reports/670572 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-15589
https://notcve.org/view.php?id=CVE-2019-15589
An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before. Se presenta una vulnerabilidad de control de acceso inapropiado en Gitlab versiones anteriores a v12.3.2, versiones anteriores a v12.2.6, versiones anteriores a v12.1.12, que permitiría que un usuario bloqueado pudiera ser capaz de usar el clon GIT y extraer si hubiera obtenido un token CI/CD antes. • https://hackerone.com/reports/497047 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2019-5487
https://notcve.org/view.php?id=CVE-2019-5487
An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits. Se presenta una vulnerabilidad de control de acceso inapropiado en Gitlab EE versiones anteriores a v12.3.3, versiones anteriores a v12.2.7 y versiones anteriores a v12.1.13, lo que permitió que la funcionalidad de búsqueda grupal con Elasticsearch devolviera código privado y fusionara peticiones y confirmaciones. • https://hackerone.com/reports/692252 • CWE-284: Improper Access Control •