CVSS: 7.0EPSS: 6%CPEs: 3EXPL: 1CVE-2019-6793
https://notcve.org/view.php?id=CVE-2019-6793
09 Sep 2019 — An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. Se detectó un problema en GitLab Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. La funcionalidad de integración de Jira es vulnerable a un problema de tipo SSRF ciego no autenticado. • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2019-6792
https://notcve.org/view.php?id=CVE-2019-6792
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Permite una Divulgación de Ruta. • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2019-6789
https://notcve.org/view.php?id=CVE-2019-6789
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users without project permissions will receive emails after a project move. For private projects, this will disclose the new project namespace to an unauthorized user. Se descubrió un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11... • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-6788
https://notcve.org/view.php?id=CVE-2019-6788
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services. Se descubrió un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Pe... • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-6786
https://notcve.org/view.php?id=CVE-2019-6786
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are known. Se descubrió un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Presenta un Control de Acceso Incorrecto (problema ... • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-6785
https://notcve.org/view.php?id=CVE-2019-6785
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service. Se descubrió un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x versiones anteriores a 11.7.1. Permite una Denegación de Servicio. • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2019-6784
https://notcve.org/view.php?id=CVE-2019-6784
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Esta permite un ataque de tipo XSS (problema 1 de 2... • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-6783
https://notcve.org/view.php?id=CVE-2019-6783
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution. Se descubrió un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. GitLab Pages contiene una vulnerabilidad de salto de directorio que podría conllevar a la ejecución de ... • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-6782
https://notcve.org/view.php?id=CVE-2019-6782
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Permite la divulgación de información (problema 1 de 6). • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 1CVE-2019-11549
https://notcve.org/view.php?id=CVE-2019-11549
09 Sep 2019 — An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors. Se detectó un problema en GitLab Community and Enterprise Edition versiones 9.x, 10.x y versiones 11.x anteriores a 11.8.9, versiones 11.9.x anteriores a 11.9.10 y versiones 11.10.x anteriores a 11.10.2. Gitaly permite un problema de divul... • https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released • CWE-532: Insertion of Sensitive Information into Log File •