CVSS 7.5 | AI Score 7.4 | EPSS 0.002

CVSS 7.5 | AI Score 7.4 | EPSS 0.002

CVSS 4.3 | AI Score 4.7 | EPSS 0.001

CVSS 7.5 | AI Score 7.4 | EPSS 0.002

CVSS 5.3 | AI Score 5.4 | EPSS 0.001

CVSS 9.8 | AI Score 9.3 | EPSS 0.005
The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allow remote authenticated users to include information...
CVSS 6.5 | AI Score 5.8 | EPSS 0.002

The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary...
CVSS 8.8 | AI Score 8.4 | EPSS 0.006

An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed the new merge requests endpoint to disclose label...
CVSS 4.3 | AI Score 4.2 | EPSS 0.001

A privilege escalation issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked...
CVSS 8.8 | AI Score 8.8 | EPSS 0.003

An information disclosure issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback...
CVSS 7.5 | AI Score 7 | EPSS 0.002

An authorization issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainers from deleting epic...
CVSS 7.5 | AI Score 7.3 | EPSS 0.002

An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate...
CVSS 6.5 | AI Score 6 | EPSS 0.001

An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through th...
CVSS 7.5 | AI Score 6.9 | EPSS 0.002

Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE): the GitLab SAML integration had a validation issue that permitted an attacker to take over another user's...
CVSS 9.8 | AI Score 9.3 | EPSS 0.003

A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the url_blocker.rb which could result in SSRF where the library is...
CVSS 9.8 | AI Score 9.2 | EPSS 0.004

An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via...
CVSS 5.3 | AI Score 4.8 | EPSS 0.001
An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected...
CVSS 5.3 | AI Score 4.8 | EPSS 0.001

A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has...
CVSS 8.8 | AI Score 8.7 | EPSS 0.004

An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue...
CVSS 4.3 | AI Score 4.2 | EPSS 0.001

An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge...
CVSS 5.3 | AI Score 4.8 | EPSS 0.001

CVSS 6.1 | AI Score 5.8 | EPSS 0.001

An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval...
CVSS 5.3 | AI Score 4.9 | EPSS 0.001

An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch...
CVSS 7.5 | AI Score 7.3 | EPSS 0.002

Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS...
CVSS 6.1 | AI Score 5.8 | EPSS 0.97

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of...
CVSS 4.3 | AI Score 4.3 | EPSS 0.001

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access...
CVSS 5.3 | AI Score 5 | EPSS 0.001

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access...
CVSS 4.3 | AI Score 4.4 | EPSS 0.001

An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private...
CVSS 5.3 | AI Score 4.8 | EPSS 0.001

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access...
CVSS 4.3 | AI Score 4.3 | EPSS 0.001

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access...
CVSS 4.3 | AI Score 4.4 | EPSS 0.001

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access...
CVSS 5.3 | AI Score 5 | EPSS 0.001

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access...
CVSS 5.3 | AI Score 5 | EPSS 0.001

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource...
CVSS 5.3 | AI Score 4.9 | EPSS 0.001

In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain...
CVSS 9.8 | AI Score 10 | EPSS 0.03
CVSS 7.5 | AI Score 7.3 | EPSS 0.003

In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002

GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and...
CVSS 7.5 | AI Score 7.4 | EPSS 0.003

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the...
CVSS 5.8 | AI Score 5.6 | EPSS 0.001

CVSS 4.9 | AI Score 5.2 | EPSS 0.001

CVSS 4.3 | AI Score 4.8 | EPSS 0.001

CVSS 4.3 | AI Score 4.7 | EPSS 0.001

GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference...
CVSS 4.3 | AI Score 4.7 | EPSS 0.001

CVSS 5.3 | AI Score 5.5 | EPSS 0.001

GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of...
CVSS 5.3 | AI Score 5.5 | EPSS 0.001

CVSS 5.3 | AI Score 5.5 | EPSS 0.001

CVSS 4.3 | AI Score 4.7 | EPSS 0.001

GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of...
CVSS 5.4 | AI Score 5.7 | EPSS 0.001

CVSS 4.3 | AI Score 4.8 | EPSS 0.001

CVSS 8.8 | AI Score 8.5 | EPSS 0.002