CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-6790
https://notcve.org/view.php?id=CVE-2019-6790
17 May 2019 — An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge requests. Se detectó un problema de control de acceso incorrecto (problema 2 de 3) en GitLab Community and Enterprise Edition 8.14 y versiones posteriores, pero antes de 11.5.8, 11.6.x antes de 11.6.6 y 11.7.x antes de 11.7.1. Los usuarios invitados pudieron ver la... • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-6787
https://notcve.org/view.php?id=CVE-2019-6787
17 May 2019 — An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other project users. Se descubrió un problema de control de acceso incorrecto en GitLab Community and Enterprise Edition antes de 11.5.8, 11.6.x antes de 11.6.6 y 11.7.x antes de 11.7.1. La API de GitLab permitió a los mantenedores y propietarios del proyecto ver los token... • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-5883
https://notcve.org/view.php?id=CVE-2019-5883
17 May 2019 — An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to. Fue descubierto un problema de Control de Acceso Incorrecto en GitLab Community y Enterprise Edition 6.0 y superior, pero antes de 11.3.11, 11.4.x antes de 11.4.8 y 11.5.x antes de 11.5.1. La función de comentarios defectuosa podría ... • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-20500
https://notcve.org/view.php?id=CVE-2018-20500
17 May 2019 — An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token. Fue descubierto un problema con los permisos inseguros en GitLab Community and Enterprise Edition 9.4 y versiones superiores, anteriores a 11.4.13, 11.5.x anteriores a 11.5.6 y ... • https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 2CVE-2018-19585 – GitLab 11.4.7 - RCE (Authenticated)
https://notcve.org/view.php?id=CVE-2018-19585
17 May 2019 — GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol. En GitLab CE/EE en versiones desde 8.18 hasta 11.x anteriores a 11.3.11, 11.4.x anteriores a 11.4.8 y 11.5.x anteriores de 11.5.1, tienen inyección de CRLF en Project Mirroring cuando se utiliza el protocolo Git. • https://www.exploit-db.com/exploits/49334 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10112
https://notcve.org/view.php?id=CVE-2019-10112
16 May 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived. Fue encontrado un problema en GitLab Community and Enterprise Edition anterior de la versión 11.7.8, versión 11.8.x anterior de 11.8.4 y versión 11.9.x anterior de 11.9.2. La construcción de la clave HMAC fue derivada inseguramente. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released • CWE-326: Inadequate Encryption Strength •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10117
https://notcve.org/view.php?id=CVE-2019-10117
16 May 2019 — An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node. Fue encontrado un problema de Redireccionamiento abierto en GitLab Community and Enterprise Edition anterior de la versión 11.7.8, versión 11.8.x anterior de 11.8.4 y versión 11.9.x anterior de 11.9.2. Es activada una redirección después de una aut... • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-10116
https://notcve.org/view.php?id=CVE-2019-10116
16 May 2019 — An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue. Se detectó un problema de permisos no seguros (número 3 de 3) en GitLab Community and Enterprise Edition versión anterior a 11.7.8, versión 11.8.x anterior a 11.8.4 y versión 11.9.x anterior a 11.9.2. A los invitados de un proyecto se les permitió ver Branches relaci... • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10115
https://notcve.org/view.php?id=CVE-2019-10115
16 May 2019 — An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information. Fue encontrado un problema de permisos no seguros (problema 2 de 3) en GitLab Community and Enterprise Edition anterior de la versión 11.7.8, versión 11.8.x anterior de 11.8.4 y versión 11.9.x anterior de 11.9.2. La funci... • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10114
https://notcve.org/view.php?id=CVE-2019-10114
16 May 2019 — An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication process, the application attempts to validate a parameter in an insecure way, potentially exposing data. Fue encontrado un problema de exposición de información (problema 2 de 2) en GitLab Community and Enterprise Edition anterior de la versión 11.7.8, versión 11.8.x anterior de 11.8.4 y versión 11.9.x anterior d... • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released • CWE-203: Observable Discrepancy •