CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13003
https://notcve.org/view.php?id=CVE-2019-13003
An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a la versión 12.0.3. Uno de los analizadores usados por Gilab CI era vulnerable a un ataque de agotamiento de recursos. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13002
https://notcve.org/view.php?id=CVE-2019-13002
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.10 hasta 12.0.2. Usuarios no autorizados fueron capaces de leer información de la tubería de la última petición de fusión. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13001
https://notcve.org/view.php?id=CVE-2019-13001
An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.9 y posteriores hasta 12.0.2. GitLab Snippets eran vulnerables a un problema de autorización que permitía a usuarios no autorizados agregar comentarios a un fragmento privado. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8113
https://notcve.org/view.php?id=CVE-2020-8113
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. GitLab versiones 10.7 hasta 12.7.2, presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released https://about.gitlab.com/releases/categories/releases https://gitlab.com/gitlab-org/gitlab/issues/31599 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8795
https://notcve.org/view.php?id=CVE-2020-8795
In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. En GitLab Enterprise Edition (EE) versiones 12.5.0 hasta 12.7.5, compartir un grupo con un grupo podría otorgar acceso al proyecto a usuarios no autorizados. • https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released https://about.gitlab.com/releases/categories/releases •