CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15721
https://notcve.org/view.php?id=CVE-2019-15721
16 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 10.8 hasta 12.2.1. Un end point interno permitió involuntariamente a los mantenedores del grupo visualizar y editar la configuración del ejecutor de grupo. • https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-16170
https://notcve.org/view.php?id=CVE-2019-16170
16 Sep 2019 — An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. Se descubrió un problema en GitLab Enterprise Edition versiones 11.x y versiones 12.x anteriores a 12.0.9, versiones 12.1.x anteriores a 12.1.9 y versiones 12.2.x anteriores a 12.2.5. Posee un Control de Acceso Incorrecto. • https://about.gitlab.com/2019/09/10/critical-security-release-gitlab-12-dot-2-dot-5-released •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-6791
https://notcve.org/view.php?id=CVE-2019-6791
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its prior visibility. Se descubrió un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Este presenta un Control de Acceso Inco... • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released • CWE-281: Improper Preservation of Permissions •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 1CVE-2019-7176
https://notcve.org/view.php?id=CVE-2019-7176
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility. Se descubrió un problema en GitLab Community and Enterprise Edition versiones 8.x (a partir de 8.9), 9.x, 10.xy versiones 11.x anteriores a 11.5.9, versiones 11.6.x anteriores a 11.6.7 y versiones 11.7.x anteriores a... • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1CVE-2019-6997
https://notcve.org/view.php?id=CVE-2019-6997
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting in 10.7) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. System notes contain an access control issue that permits a guest user to view merge request titles. Se detectó un problema en GitLab Community and Enterprise Edition versiones 10.x (a partir de la 10.7) y versiones 11.x anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.... • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6996
https://notcve.org/view.php?id=CVE-2019-6996
09 Sep 2019 — An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups. Se detectó un problema en GitLab Enterprise Edition versiones 10.x (a partir de la 10.6) y versiones 11.x anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a... • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 1CVE-2019-6995
https://notcve.org/view.php?id=CVE-2019-6995
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues. Se detectó un problema en GitLab Community and Enterprise Edition 8.x, 9.x, 10.xy versiones 11.x anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released • CWE-281: Improper Preservation of Permissions •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1CVE-2019-6960
https://notcve.org/view.php?id=CVE-2019-6960
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled. Se detectó un problema en GitLab Community and Enterprise Edition versiones 9.x, 10.x y versiones 11.x anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Presenta un Control de Acceso Incorrecto. • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released •
CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-6795
https://notcve.org/view.php?id=CVE-2019-6795
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be used for social engineering. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Presenta una Distinción Visual... • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2019-6794
https://notcve.org/view.php?id=CVE-2019-6794
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Permite la divulgación de información (problema 5 de 6). • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released • CWE-269: Improper Privilege Management •