GitLab EE Insecure Privilege Vulnerability (CNVD-2020-14342)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is GitLab Enterprise Edition. GitLab EE 12.2 suffers from an insecure privilege...
PT-2020-19888 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 12.7.3 Description: The issue allows for cross-site scripting XSS, which is a type of attack where an attacker can inject malicious scripts into a website. Recommendations: For versions prior to 12.7.3, update to...
CVE-2019-15586
An XSS exists in GitLab CE/EE 12.1.10 in the Mermaid plugin...
Unspecified Vulnerability in GitLab (CNVD-2019-30487)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...
GitLab: Uncontrolled Resource Consumption in any Markdown field using Mermaid
Summary I found a bypass for the mitigation of DoS via Mermaid CVE-2019-9220. As the mitigation for CVE-2019-9220, the input limit of 5000 characters is currently applied to a Mermaid code block, but it can be bypassed by simply splitting the longer payload to many code blocks. Steps to reproduce...
Gitlab GitlabProjectsImportService Remote Code Execution Vulnerability
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github, with access to a project's file contents, commit history, bug lists, etc. The GitLab Community Edition CE ...