CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18453
https://notcve.org/view.php?id=CVE-2019-18453
26 Nov 2019 — An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.6 hasta 12.4, en la funcionalidad add comments via email. Posee Permisos No Seguros. • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18454
https://notcve.org/view.php?id=CVE-2019-18454
26 Nov 2019 — An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. It has XSS. Se detectó un problema en GitLab Community and Enterprise Edition versiones 10.5 hasta 12.4, en la comprobación de enlaces para la funcionalidad de páginas RDoc wiki. Presenta una vulnerabilidad de tipo XSS. • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18455
https://notcve.org/view.php?id=CVE-2019-18455
26 Nov 2019 — An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11 hasta 12.4, cuando se construyen consultas GraphQL anidadas. Posee un bucle grande o infinito. • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18456
https://notcve.org/view.php?id=CVE-2019-18456
26 Nov 2019 — An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration.. It has Insecure Permissions (issue 1 of 4). Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.17 hasta 12.4, en la funcionalidad Search provista por la integración de Elasticsearch. Posee Permisos No Seguros (problema 1 de 4). • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18457
https://notcve.org/view.php?id=CVE-2019-18457
26 Nov 2019 — An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens.. It has Insecure Permissions. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.8 hasta 12.4, cuando maneja tokens de Seguridad. Posee Permisos No Seguros. • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released • CWE-281: Improper Preservation of Permissions •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18458
https://notcve.org/view.php?id=CVE-2019-18458
26 Nov 2019 — An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4). Se detectó un problema en GitLab Community and Enterprise Edition versiones hasta 12.4. Posee Permisos No Seguros (problema 2 de 4). • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released • CWE-281: Improper Preservation of Permissions •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18459
https://notcve.org/view.php?id=CVE-2019-18459
26 Nov 2019 — An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4). Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.3 hasta 12.3, en la funcionalidad protected environments. Posee Permisos No Seguros (problema 3 de 4). • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18460
https://notcve.org/view.php?id=CVE-2019-18460
26 Nov 2019 — An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control. Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.15 hasta 12.4, en la funcionalidad Comments Search provista por la integración de Elasticsearch. Posee un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18461
https://notcve.org/view.php?id=CVE-2019-18461
26 Nov 2019 — An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.3 hasta 12.3, cuando es agregado un subgrupo epic a un grupo público. Posee un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18462
https://notcve.org/view.php?id=CVE-2019-18462
26 Nov 2019 — An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.3 hasta 12.4. Posee Permisos No Seguros. • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released • CWE-732: Incorrect Permission Assignment for Critical Resource •