CVE-2019-15583
https://notcve.org/view.php?id=CVE-2019-15583
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API. Se presenta una divulgación de información en versiones anteriores a 12.3.2, versiones anteriores a 12.2.6 y versiones anteriores a 12.1.12 para GitLab Community Edition (CE) y Enterprise Edition (EE). Cuando un problema fue trasladado hacia un proyecto público desde uno privado, las etiquetas privadas asociadas y el espacio de nombres del proyecto privado serían divulgados por medio de la API de GitLab. • https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released https://hackerone.com/reports/643854 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-15585
https://notcve.org/view.php?id=CVE-2019-15585
Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account. Se presenta una autenticación inapropiada en versiones anteriores a 12.3.2, versiones anteriores a 12.2.6 y versiones anteriores a 12.1.12 para GitLab Community Edition (CE) y Enterprise Edition (EE), en la integración GitLab SAML se presenta un problema de comprobación que permitió a un atacante tomar el control de la cuenta de otro usuario. • https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released https://hackerone.com/reports/471323 • CWE-287: Improper Authentication •
CVE-2019-20144
https://notcve.org/view.php?id=CVE-2019-20144
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 10.8 hasta la versión 12.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released •
CVE-2019-20145
https://notcve.org/view.php?id=CVE-2019-20145
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 11.4 hasta la versión 12.6.1. Tiene un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released •
CVE-2019-20146
https://notcve.org/view.php?id=CVE-2019-20146
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption. Se descubrió un problema en GitLab Community Edition (CE) and Enterprise Edition (EE) versiones 11.0 hasta la versión 12.6. Permite un Consumo No Controlado de Recursos. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released • CWE-400: Uncontrolled Resource Consumption •