CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-5468
https://notcve.org/view.php?id=CVE-2019-5468
28 Jan 2020 — An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account. Se detectó un problema de escalada de privilegios en GitLab versiones anteriores a 12.1.2, versiones anteriores a 12.0.4 y versiones anteriores a 11.11.6, cuando los comandos de barra de Mattermost son usados con una cuenta bloqueada. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15581
https://notcve.org/view.php?id=CVE-2019-15581
28 Jan 2020 — An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules. Se presenta un IDOR en versiones anteriores a 12.3.2, versiones anteriores a 12.2.6 y versiones anteriores a 12.1.12 para GitLab Community Edition (CE) y Enterprise Edition (EE), que permitió al propietario o mantenedor del proyecto visualizar a los miembros de cualquier grupo pri... • https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5466
https://notcve.org/view.php?id=CVE-2019-5466
28 Jan 2020 — An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names. Se detectó un IDOR en GitLab CE/EE versiones 11.5 y posteriores, que permitía nuevos endpoints de peticiones de fusión para revelar nombres de etiquetas. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15582
https://notcve.org/view.php?id=CVE-2019-15582
28 Jan 2020 — An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment. Se detectó un IDOR en versiones anteriores a 12.3.2, versiones anteriores a 12.2.6 y versiones anteriores a 12.1.12 para GitLab Community Edition (CE) y Enterprise Edition (EE), que permitió a un mantenedor agregar cualquier grupo privado a un entorno protegido. • https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15590
https://notcve.org/view.php?id=CVE-2019-15590
28 Jan 2020 — An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration Se presenta un problema de control de acceso en versiones anteriores a 12.3.5, versiones anteriores a 12.2.8 y versiones anteriores a 12.1.14 para GitLab Community Edition (CE) y Enterprise Edition (EE), donde las peticiones y problemas de fusión privada ... • https://about.gitlab.com/releases/2019/10/07/security-release-gitlab-12-dot-3-dot-5-released • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-5474
https://notcve.org/view.php?id=CVE-2019-5474
28 Jan 2020 — An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions. Se detectó un problema de autorización en GitLab EE versiones anteriores a 12.1.2, versiones anteriores a 12.0.4 y versiones anteriores a 11.11.6, permitiendo que las reglas de aprobación de petición de fusión sea anuladas sin los permisos apropiados. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5465
https://notcve.org/view.php?id=CVE-2019-5465
28 Jan 2020 — An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. Se detectó un problema de divulgación de información en GitLab CE/EE versiones 8.14 y posteriores, mediante el uso de la funcionalidad move issue lo que podría resultar en la divulgación del ID de un problema creado recientemente. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15583
https://notcve.org/view.php?id=CVE-2019-15583
28 Jan 2020 — An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API. Se presenta una divulgación de información en versiones anteriores a 12.3.2, versiones anteriores a 12.2.6 y versiones anteriores a 12.1.12 para GitLab Community Edition (CE) y Enterprise Edition (EE). Cuando... • https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5464
https://notcve.org/view.php?id=CVE-2019-5464
28 Jan 2020 — A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. Se detectó un problema de fallo de protección de un reenlace de DNS en GitLab CE/EE versiones 10.2 y posteriores, en el archivo "url_blocker.rb" que podría resultar en vulnerabilidad de tipo SSRF donde la biblioteca es utilizada. • https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-20: Improper Input Validation CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15585
https://notcve.org/view.php?id=CVE-2019-15585
28 Jan 2020 — Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account. Se presenta una autenticación inapropiada en versiones anteriores a 12.3.2, versiones anteriores a 12.2.6 y versiones anteriores a 12.1.12 para GitLab Community Edition (CE) y Enterprise Edition (EE), en la integración GitLab SAML se presenta un problema de comprob... • https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released • CWE-287: Improper Authentication •