Vulnerabilities (CVE)

Vendor filter

Gitlab Subscribe

Filter

181 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-15724 1 Gitlab 1 Gitlab 2019-09-17 4.3
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection.
CVE-2019-15721 1 Gitlab 1 Gitlab 2019-09-17 5.5
An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.
CVE-2019-15731 1 Gitlab 1 Gitlab 2019-09-17 5.0
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so.
CVE-2019-15725 1 Gitlab 1 Gitlab 2019-09-17 5.0
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information.
CVE-2019-15733 1 Gitlab 1 Gitlab 2019-09-17 4.0
An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users.
CVE-2019-15738 1 Gitlab 1 Gitlab 2019-09-17 5.0
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email.
CVE-2019-15740 1 Gitlab 1 Gitlab 2019-09-17 5.0
An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads.
CVE-2019-15739 1 Gitlab 1 Gitlab 2019-09-17 4.3
An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.
CVE-2019-6788 1 Gitlab 1 Gitlab 2019-09-11 5.0
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it...
CVE-2019-6795 1 Gitlab 1 Gitlab 2019-09-11 5.8
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are...
CVE-2019-11544 1 Gitlab 1 Gitlab 2019-09-10 4.0
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an...
CVE-2019-11545 1 Gitlab 1 Gitlab 2019-09-10 4.0
An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users...
CVE-2019-11546 1 Gitlab 1 Gitlab 2019-09-10 3.5
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach...
CVE-2019-11547 1 Gitlab 1 Gitlab 2019-09-10 4.3
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't...
CVE-2019-11548 1 Gitlab 1 Gitlab 2019-09-10 3.5
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint.
CVE-2019-11549 1 Gitlab 1 Gitlab 2019-09-10 4.0
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has allows an information disclosure issue where HTTP/GIT credentials are included in...
CVE-2019-6789 1 Gitlab 1 Gitlab 2019-09-10 4.0
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users without project permissions will receive...
CVE-2019-6792 1 Gitlab 1 Gitlab 2019-09-10 5.0
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance...
CVE-2019-6960 1 Gitlab 1 Gitlab 2019-09-10 7.5
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki...
CVE-2019-6785 1 Gitlab 1 Gitlab 2019-09-10 4.0
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service.