CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 1CVE-2019-5461
https://notcve.org/view.php?id=CVE-2019-5461
09 Sep 2019 — An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. Se descubrió un problema de comprobación de entrada en la integración del servicio GitHub que podría resultar en que un atacante pueda realizar peticiones POST arbitrarias en la red interna de una instancia de GitLab. Esta vulnerabilidad se abordó en l... • https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14943
https://notcve.org/view.php?id=CVE-2019-14943
29 Aug 2019 — An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. Se detectó un problema en GitLab Community and Enterprise Edition versiones 12.0 hasta 12.1.4. Utiliza Credenciales Embebidas. • https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19578
https://notcve.org/view.php?id=CVE-2018-19578
10 Jul 2019 — GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. EE de GitLab, versiones 11.5 anteriores a 11.5.1, es vulnerable a un problema de referencia de objeto no seguro lo que permite a un usuario con privilegios Reporter visualizar la página de Jaeger Tracing Operations . • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-285: Improper Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19579
https://notcve.org/view.php?id=CVE-2018-19579
10 Jul 2019 — GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1. EE versión 11.5 de GitLab, es susceptible a una vulnerabilidad de tipo XSS persistente en la página Operations. Esto se corrige en versión 11.5.1. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-19584
https://notcve.org/view.php?id=CVE-2018-19584
10 Jul 2019 — GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups. EE, versiones 11.x y anteriores a 11.3.11, versiones 11.4 y anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de GitLab , es susceptible a una vulnerabilidad de referencia de objeto directo no seguro que permite a los usuarios identificados, per... • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-19581
https://notcve.org/view.php?id=CVE-2018-19581
10 Jul 2019 — GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. EE, versiones 8.3 hasta 11.x anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de GitLab, es susceptible a una vulnerabilidad de referencia de objeto no segura que permite a un usuario Guest establecer el peso de un problema que han diseñado. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-285: Improper Authorization •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19582
https://notcve.org/view.php?id=CVE-2018-19582
10 Jul 2019 — GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user. EE, versiones 11.4 anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de GitLab, esta afectado por una vulnerabilidad de referencia de objeto directo no segura que permite a un usuario no autorizado publicar los comentarios de una petición de fusión preliminar de otro usuario. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19583
https://notcve.org/view.php?id=CVE-2018-19583
10 Jul 2019 — GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. CE/EE, versiones 8.0 hasta 11.x anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, registraría tokens de acceso en los registros Workhorse, permitiendo a los administradores con acceso a los registros visualizar otros tokens de usuar... • http://www.securityfocus.com/bid/109166 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19580
https://notcve.org/view.php?id=CVE-2018-19580
10 Jul 2019 — All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made. GitLab versiones anteriores a 11.5.1, 11.4.8 y 11.3.11, no envían un correo electrónico a la dirección de correo electrónico anterior cuando es realizado un cambio de dirección de correo electrónico. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-20: Improper Input Validation •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 5CVE-2018-19571 – GitLab 11.4.7 - RCE (Authenticated)
https://notcve.org/view.php?id=CVE-2018-19571
10 Jul 2019 — GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. CE/EE, versiones 8.18 hasta 11.x anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de GitLab, son susceptibles a una vulnerabilidad de tipo SSRF en los webhooks. • https://www.exploit-db.com/exploits/49334 • CWE-918: Server-Side Request Forgery (SSRF) •