PT-2020-15449 · Jenkins · Jenkins GitLab Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Authentication Plugin versions 1.5 and earlier Description: The issue arises from the plugin not performing proper group authorization checks, leading to a privilege escalation. Specifically, it does not differentiate between...
PT-2020-13405 · GitLab · GitLab CE/EE +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.3 through 13.0.1 Description: The issue allows other group maintainers to view Kubernetes cluster tokens, potentially leading to unauthorized access. Recommendations: For GitLab CE/EE versions 10.3 through 13.0.1,...
PT-2020-13406 · GitLab · GitLab CE/EE +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.5 through 13.0.1 Description: The issue allows users to bypass email verification. Recommendations: For GitLab CE/EE versions 12.5 through 13.0.1, update to a version that contains a fix for this issue...
PT-2020-13403 · GitLab · GitLab CE/EE +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.9 through 13.0.1 Description: The issue allows for client-side code injection through Mermaid markup, enabling a specially crafted Mermaid payload to send PUT requests on behalf of other users via clicking on a link...
Unspecified Vulnerability in GitLab (CNVD-2020-63394)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...
UBUNTU-CVE-2020-13270
Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API...
PT-2020-13409 · GitLab · GitLab CE/EE +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.10 through 13.0.1 Description: A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. Recommendations: For GitLab CE/EE versio...
vulhub
It is an open-source collection of pre-built vulnerable Docker environments. The repository contains a collection of docker-compose files for various vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The environments are designed to be easy to use, with simple...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in GitLab
It is an open-source collection of pre-built vulnerable Docker environments. CVE-2016-9086 is present in the provided context. The target product/service or framework is GitLab, the vulnerability class/vector is a remote code execution (RCE) vulnerability, the probable entry points are the data...
UBUNTU-CVE-2020-12277
GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated...
PT-2020-13088 · GitLab · GitLab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.6 through 12.9 Description: The issue allows an external user to create a personal snippet through the API, resulting in a privilege escalation. Recommendations: For GitLab versions 12.6 through 12.9, update to a version th...
PT-2020-13090 · GitLab · GitLab
Name of the Vulnerable Software and Affected Versions: GitLab versions 10.8 through 12.9 Description: The issue allows someone to mirror a repository even if the feature is not activated. Recommendations: For GitLab versions 10.8 through 12.9, update to a version that contains a fix for this issu...
GitLab Information Disclosure Vulnerability (CNVD-2020-25735)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An information disclosure vulnerability exists in GitLab...
PT-2020-12749 · GitLab · GitLab CE/EE +1
Name of the Vulnerable Software and Affected Versions: GitLab CE and EE versions 8.15 through 12.9.2 Description: An issue was discovered where members of a group could still have access after the group is deleted. Recommendations: For versions 8.15 through 12.9.2, update to a version that contai...
GitLab EE/CE SSRF Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An SSRF vulnerability exists in GitLab EE/CE, which can b...
Unspecified Vulnerability in GitLab EE/CE (CNVD-2020-22241)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab EE/CE, which ca...
GitLab EE/CE Path Traversal Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A path traversal vulnerability exists in GitLab EE/CE,...
GitLab EE/CE Information Disclosure Vulnerability (CNVD-2020-22238)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An information disclosure vulnerability exists in GitLab...
PT-2020-12462 · GitLab · GitLab CE/EE +1
Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 8.5 to 12.9 Description: The issue is related to a path traversal vulnerability that occurs when moving an issue between projects. Recommendations: For GitLab EE/CE versions 8.5 to 12.9, update to a version that contains...
Unspecified Vulnerability in GitLab (CNVD-2020-21481)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. GitLab Community and Enterprise Edition Security...