CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15726
https://notcve.org/view.php?id=CVE-2019-15726
16 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server. Se descubrió un problema en GitLab Community and Enterprise Edition versiones hasta 12.2.1. Las imágenes y los archivos multimedia insertados en Markdown podrían ser apuntados hacia un servidor arbitrario, que revelaría la dirección IP de los clientes que solic... • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15725
https://notcve.org/view.php?id=CVE-2019-15725
16 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 12.0 hasta 12.2.1. Un IDOR en la API de notas épicas que podría resultar en la divulgación de hitos privados, etiquetas y otra información. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15724
https://notcve.org/view.php?id=CVE-2019-15724
16 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 11.10 hasta 12.2.1. Las descripciones de etiquetas son vulnerables a la inyección HTML. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15723
https://notcve.org/view.php?id=CVE-2019-15723
16 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 11.9.x y versiones 11.10.x anteriores a 11.10.1. Las peticiones de fusión creadas por medio del correo electrónico podrían ser usadas para omitir las reglas de inserción en ciertas situaciones. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15722
https://notcve.org/view.php?id=CVE-2019-15722
16 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 8.15 hasta 12.2.1. Las expresiones matemáticas particulares en GitLab Markdown pueden agotar los recursos del cliente. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15721
https://notcve.org/view.php?id=CVE-2019-15721
16 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 10.8 hasta 12.2.1. Un end point interno permitió involuntariamente a los mantenedores del grupo visualizar y editar la configuración del ejecutor de grupo. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-16170
https://notcve.org/view.php?id=CVE-2019-16170
16 Sep 2019 — An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. Se descubrió un problema en GitLab Enterprise Edition versiones 11.x y versiones 12.x anteriores a 12.0.9, versiones 12.1.x anteriores a 12.1.9 y versiones 12.2.x anteriores a 12.2.5. Posee un Control de Acceso Incorrecto. • https://about.gitlab.com/2019/09/10/critical-security-release-gitlab-12-dot-2-dot-5-released •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 1CVE-2019-11549
https://notcve.org/view.php?id=CVE-2019-11549
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors. Se detectó un problema en GitLab Community and Enterprise Edition versiones 9.x, 10.x y versiones 11.x anteriores a 11.8.9, versiones 11.9.x anteriores a 11.9.10 y versiones 11.10.x anteriores a 11.10.2. Gitaly permite un problema de divul... • https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2019-11548
https://notcve.org/view.php?id=CVE-2019-11548
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.8.9. Presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2019-11547
https://notcve.org/view.php?id=CVE-2019-11547
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.8.9, versiones 11.9.x anteriores a 11.9.10 y versiones 11.10.x anteriores a 11.10.2. Presenta una Codificación Incorrecta o... • https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-116: Improper Encoding or Escaping of Output •