CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18461
https://notcve.org/view.php?id=CVE-2019-18461
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.3 hasta 12.3, cuando es agregado un subgrupo epic a un grupo público. Posee un Control de Acceso Incorrecto. • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released https://about.gitlab.com/blog/categories/releases • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18462
https://notcve.org/view.php?id=CVE-2019-18462
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions. Se detectó un problema en GitLab Community and Enterprise Edition versiones 11.3 hasta 12.4. Posee Permisos No Seguros. • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released https://about.gitlab.com/blog/categories/releases • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18463
https://notcve.org/view.php?id=CVE-2019-18463
An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4). Se detectó un problema en GitLab Community and Enterprise Edition versiones hasta 12.4. Posee Permisos No Seguros (problema 4 de 4). • https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released https://about.gitlab.com/blog/categories/releases • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15729
https://notcve.org/view.php?id=CVE-2019-15729
An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request. Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.18 hasta 12.2.1. Un end point interno divulgó involuntariamente información sobre la última pipeline que se ejecutó para una petición de fusión. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/62073 • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15740
https://notcve.org/view.php?id=CVE-2019-15740
An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads. Se detectó un problema en GitLab Community and Enterprise Edition versiones 7.9 hasta 12.2.1. Los datos de geolocalización de EXIF no estaban siendo eliminados desde ciertas cargas de imágenes. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/61390 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •