CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 1CVE-2019-11544
https://notcve.org/view.php?id=CVE-2019-11544
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events. Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.x, 9.x, 10.x y versiones 11.x anteriores a 11.8.9, versiones 11.9.x anteriores a 11.9.10 y versiones 11.10.x anteriores a 11.10.2. Permite la divulgación de información. • https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/58372 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-11605
https://notcve.org/view.php?id=CVE-2019-11605
An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.8.x anteriores a 11.8.10, versiones 11.9.x anteriores a 11.9.11 y versiones 11.10.x anteriores a 11.10.3. Permite una Divulgación de Información. • https://about.gitlab.com/2019/04/30/security-release-gitlab-11-dot-10-dot-3-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10112
https://notcve.org/view.php?id=CVE-2019-10112
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived. Fue encontrado un problema en GitLab Community and Enterprise Edition anterior de la versión 11.7.8, versión 11.8.x anterior de 11.8.4 y versión 11.9.x anterior de 11.9.2. La construcción de la clave HMAC fue derivada inseguramente. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ee/issues/9730 • CWE-326: Inadequate Encryption Strength •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10117
https://notcve.org/view.php?id=CVE-2019-10117
An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node. Fue encontrado un problema de Redireccionamiento abierto en GitLab Community and Enterprise Edition anterior de la versión 11.7.8, versión 11.8.x anterior de 11.8.4 y versión 11.9.x anterior de 11.9.2. Es activada una redirección después de una autorización con éxito dentro de Oauth/:GeoAuthController para el nodo secundario Geo. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ee/issues/9731 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-10116
https://notcve.org/view.php?id=CVE-2019-10116
An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue. Se detectó un problema de permisos no seguros (número 3 de 3) en GitLab Community and Enterprise Edition versión anterior a 11.7.8, versión 11.8.x anterior a 11.8.4 y versión 11.9.x anterior a 11.9.2. A los invitados de un proyecto se les permitió ver Branches relacionadas creadas para un problema. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ce/issues/56224 • CWE-732: Incorrect Permission Assignment for Critical Resource •