CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2019-11546
https://notcve.org/view.php?id=CVE-2019-11546
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.8.9, versiones 11.9.x anteriores a 11.9.10 y versiones 11.10.x anteriores a 11.10.2. Presenta una condición de carrera que podría permiti... • https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2019-11545
https://notcve.org/view.php?id=CVE-2019-11545
09 Sep 2019 — An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue. Se detectó un problema en GitLab Community Edition versiones 11.9.x anteriores a 11.9.10 y versiones 11.10.x anteriores a 11.10.2. Permite la divulgación de información. • https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 1CVE-2019-11544
https://notcve.org/view.php?id=CVE-2019-11544
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events. Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.x, 9.x, 10.x y versiones 11.x anteriores a 11.8.9, versiones 11.9.x anteriores a 11.9.1... • https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-11605
https://notcve.org/view.php?id=CVE-2019-11605
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.8.x anteriores a 11.8.10, versiones 11.9.x anteriores a 11.9.11 y versiones 11.10.x anteriores a 11.10.3. Permite una Divulgación de Información. • https://about.gitlab.com/2019/04/30/security-release-gitlab-11-dot-10-dot-3-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2019-5473
https://notcve.org/view.php?id=CVE-2019-5473
09 Sep 2019 — An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4. Se detectó un problema de autenticación en GitLab, que permitió omitir la comprobación por correo electrónico. Esto se abordó en GitLab versiones 12.1.2 y 12.0.4. • https://gitlab.com/gitlab-org/gitlab-ee/issues/11643 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 2CVE-2019-5471
https://notcve.org/view.php?id=CVE-2019-5471
09 Sep 2019 — An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6. Se detectó un problema de comprobación de entrada y codificación de salida en la funcionalidad de notificación de correo electrónico de GitLab lo que podría resultar un ataque XSS persistente. Esto se abordó en GitLab versiones 12.1.2, 12.0.4 y 11.11.6. • https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 2CVE-2019-5467
https://notcve.org/view.php?id=CVE-2019-5467
09 Sep 2019 — An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. Se detectó un problema de comprobación de entrada y codificación de salida en la funcionalidad de páginas wiki de GitLab CE/EE que podría resultar en un ataque de tipo XSS persistente. Esta vulnerabilidad se abordó en las versiones 12.1.2, 12.0.4 y 11.11.6. • https://gitlab.com/gitlab-org/gitlab-ce/issues/60143 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2019-5463
https://notcve.org/view.php?id=CVE-2019-5463
09 Sep 2019 — An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. Se detectó un problema de autorización en el end point de las imágenes de insignia CI de GitLab CE/EE, lo que podría resultar en la divulgación del estado de la compilación. Esta vulnerabilidad se abordó en las versiones 12.1.2, 12.0.4 y 11.11.6. • https://gitlab.com/gitlab-org/gitlab-ce/issues/56407 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 1CVE-2019-5461
https://notcve.org/view.php?id=CVE-2019-5461
09 Sep 2019 — An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. Se descubrió un problema de comprobación de entrada en la integración del servicio GitHub que podría resultar en que un atacante pueda realizar peticiones POST arbitrarias en la red interna de una instancia de GitLab. Esta vulnerabilidad se abordó en l... • https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14943
https://notcve.org/view.php?id=CVE-2019-14943
29 Aug 2019 — An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. Se detectó un problema en GitLab Community and Enterprise Edition versiones 12.0 hasta 12.1.4. Utiliza Credenciales Embebidas. • https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released • CWE-798: Use of Hard-coded Credentials •