UBUNTU-CVE-2020-10079
GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required...
UBUNTU-CVE-2020-10080
GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group...
GitLab Information Disclosure Vulnerability (CNVD-2020-17482)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An information disclosure vulnerability exists in GitLab...
GitLab Cross-Site Scripting Vulnerability (CNVD-2020-17175)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab. An...
PT-2020-11914 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 8.11 through 12.8.1 Description: The issue allows a Denial of Service when using several features to recursively request each other. Recommendations: For GitLab versions 8.11 through 12.8.1, update to a version that contains a...
PT-2020-11915 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 11.7 through 12.8.1 Description: The issue allows for information disclosure under certain group conditions, where group epic information was unintentionally being disclosed. Recommendations: For GitLab versions 11.7 through...
PT-2020-11913 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.5 through 12.8.1 Description: The issue concerns Insecure Permissions in GitLab. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level. Recommendations: For...
PT-2020-11917 · Gitlab +1 · Gitlab +1
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.1 through 12.8.1 Description: A cross-site scripting issue was found in a specific view related to the Grafana integration, allowing for potential exploitation. Recommendations: For versions 12.1 through 12.8.1, update to a...
PT-2020-11912 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 12.8.2 Description: The issue allows information disclosure due to badge images not being proxied, resulting in mixed content warnings and the leakage of the user's IP address. Recommendations: For versions prior to...
PT-2020-11916 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 9.3 through 12.8.1 Description: A cross-site scripting issue was found when viewing particular file types, allowing for potential exploitation. Recommendations: For versions 9.3 through 12.8.1, update to a version later than...
PT-2020-11899 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 10.1 through 12.8.1 Description: A scenario was discovered in which a GitLab account could be taken over through an expired link, indicating an issue with access control. Recommendations: For GitLab versions 10.1 through 12.8....
UBUNTU-CVE-2019-12445
An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
It is an offensive tool for Vulnerability Research and Exploitation. The primary CVE ID present in the provided context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is a remote code execution vulnerability. The probable entry point is the...
GitLab Information Disclosure Vulnerability (CNVD-2020-10495)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An information disclosure vulnerability exists in GitLab versions 11.8 and later. The vulnerability...
GitLab Information Disclosure Vulnerability (CNVD-2020-10496)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An information disclosure vulnerability exists in GitLab versions 12.2.2 and earlier. The...
UBUNTU-CVE-2019-15592
GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline...
GitLab EE Insecure Privilege Vulnerability (CNVD-2020-14341)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is GitLab Enterprise Edition. GitLab EE 8.8 - 12.7.2 suffers from an insecure privilege...
GitLab EE Incorrect Access Control Vulnerability (CNVD-2020-13700)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is GitLab Enterprise Edition. An incorrect access control vulnerability exists in GitLab E...
GitLab Authorization Issues Vulnerability (CNVD-2020-13192)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An authorization issue vulnerability exists in GitLab...
GitLab Cross-Site Scripting Vulnerability (CNVD-2020-04574)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from GitLab, Inc. The program can be used to access the project's file contents, commit history, bug list, etc. Git is a free, open source distributed version control system. A cross-site...