CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2019-5487
https://notcve.org/view.php?id=CVE-2019-5487
18 Dec 2019 — An improper access control vulnerability exists in Gitlab EE
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-15575
https://notcve.org/view.php?id=CVE-2019-15575
18 Dec 2019 — A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope. Se presenta una inyección de comando en GitLab CE/EE versiones anteriores a v12.3.2, versiones anteriores a v12.2.6, versiones anteriores a v12.1.12, que permitió a un atacante inyectar comandos mediante la API por medio del ámbito blobs. • https://hackerone.com/reports/682442 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-15576
https://notcve.org/view.php?id=CVE-2019-15576
18 Dec 2019 — An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint. Se presenta una vulnerabilidad de divulgación de información en GitLab CE/EE versiones anteriores a v12.3.2, versiones anteriores a v12.2.6, versiones anteriores a v12.1.12, que permitió a un atacante visualizar notas privadas del sistema desde un endpoint GraphQL. • https://hackerone.com/reports/633001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2019-15577
https://notcve.org/view.php?id=CVE-2019-15577
18 Dec 2019 — An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing. Se presenta una vulnerabilidad de divulgación de información en GitLab CE/EE versiones anteriores a v12.3.2, versiones anteriores a v12.2.6, versiones anteriores a v12.1.12, que permitió que se revelaran los hitos del proyecto por medio de la exploración de grupos. • https://hackerone.com/reports/636560 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 2CVE-2019-5469
https://notcve.org/view.php?id=CVE-2019-5469
18 Dec 2019 — An IDOR vulnerability exists in GitLab
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-15580
https://notcve.org/view.php?id=CVE-2019-15580
18 Dec 2019 — An information exposure vulnerability exists in gitlab.com
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-5486
https://notcve.org/view.php?id=CVE-2019-5486
18 Dec 2019 — A authentication bypass vulnerability exists in GitLab CE/EE
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-15591
https://notcve.org/view.php?id=CVE-2019-15591
18 Dec 2019 — An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled. Se presenta una vulnerabilidad de control de acceso inapropiado en GitLab versiones anteriores a 12.3.3 lo que permite a un atacante obtener informes de escaneo de contenedores y dependencias por medio del widget de petición de fusión a pesar de que las tuberías públicas estaban deshabilitada... • https://hackerone.com/reports/676976 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18446
https://notcve.org/view.php?id=CVE-2019-18446
26 Nov 2019 — An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4. It has Insecure Permissions (issue 1 of 2). Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.15 hasta 12.4. Posee Permisos No Seguros (problema 1 de 2). • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18447
https://notcve.org/view.php?id=CVE-2019-18447
26 Nov 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 12.4. Posee Permisos No Seguros. • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released • CWE-732: Incorrect Permission Assignment for Critical Resource •