CVE-2019-15725
https://notcve.org/view.php?id=CVE-2019-15725
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 12.0 hasta 12.2.1. Un IDOR en la API de notas épicas que podría resultar en la divulgación de hitos privados, etiquetas y otra información. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ee/issues/11431 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2019-15724
https://notcve.org/view.php?id=CVE-2019-15724
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 11.10 hasta 12.2.1. Las descripciones de etiquetas son vulnerables a la inyección HTML. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/60888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-15722
https://notcve.org/view.php?id=CVE-2019-15722
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 8.15 hasta 12.2.1. Las expresiones matemáticas particulares en GitLab Markdown pueden agotar los recursos del cliente. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/61410 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2019-15721
https://notcve.org/view.php?id=CVE-2019-15721
An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 10.8 hasta 12.2.1. Un end point interno permitió involuntariamente a los mantenedores del grupo visualizar y editar la configuración del ejecutor de grupo. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/61981 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-16170
https://notcve.org/view.php?id=CVE-2019-16170
An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. Se descubrió un problema en GitLab Enterprise Edition versiones 11.x y versiones 12.x anteriores a 12.0.9, versiones 12.1.x anteriores a 12.1.9 y versiones 12.2.x anteriores a 12.2.5. Posee un Control de Acceso Incorrecto. • https://about.gitlab.com/2019/09/10/critical-security-release-gitlab-12-dot-2-dot-5-released •