NotCVE - vendor:"Gitlab" product:"Gitlab" version:" >= 12.9.0

Page 79 of 400 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-13266

https://notcve.org/view.php?id=CVE-2020-13266

Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions Una autorización no segura en Project Deploy Keys en GitLab CE/EE versiones 12.8 y posteriores hasta 13.0.1, permite a usuarios actualizar los permisos de las claves de despliegue de otros usuarios bajo determinadas condiciones • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13266.json https://gitlab.com/gitlab-org/gitlab/-/issues/208449 • CWE-862: Missing Authorization •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-12275

https://notcve.org/view.php?id=CVE-2020-12275

GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API. GitLab versiones 12.6 hasta 12.9 es vulnerable a una escalada de privilegios que permite a un usuario externo crear un fragmento personal por medio de la API. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released •

CVSS: 4.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-12276

https://notcve.org/view.php?id=CVE-2020-12276

GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature. GitLab versiones 9.5.9 hasta 12.9, es vulnerable a un ataque de tipo XSS almacenado en una funcionalidad de notificación de administrador. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-12277

https://notcve.org/view.php?id=CVE-2020-12277

GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated. GitLab versiones 10.8 hasta 12.9, tiene una vulnerabilidad que permite a alguien reflejar un repositorio incluso si la función no está activada. • https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released • CWE-276: Incorrect Default Permissions •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-11649

https://notcve.org/view.php?id=CVE-2020-11649

An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted. Se descubrió un problema en GitLab CE and EE versiones 8.15 hasta la versión 12.9.2. Los miembros de un grupo aún podrían tener acceso después de que se elimine el grupo. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released • CWE-306: Missing Authentication for Critical Function •

1...77 78 79 80