957 matches found
CVE-2020-13269
CVE-2020-13269 : A Reflected Cross-Site Scripting vulnerability affects GitLab CE/EE in the Static Site Editor, with exploits possible on versions 12.10 through 13.0.1. The issue is caused by a reflected XSS flaw that enables execution of arbitrary JavaScript. Public details consistently describe...
CVE-2020-13269
Removed by vendor...
CVE-2020-13268
A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1...
CVE-2020-13268
Removed by vendor...
CVE-2020-13266
Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions...
CVE-2020-13266
CVE-2020-13266 affects GitLab CE/EE 12.8–13.0.1, with insecure authorization in Project Deploy Keys. The issue allows a user to update permissions on other users’ deploy keys under certain conditions. No exploitation details are provided in the supplied documents. Affected components: GitLab Depl...
CVE-2019-12428
An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization...
CVE-2019-15586
An XSS exists in GitLab CE/EE 12.1.10 in the Mermaid plugin...
CVE-2019-15583
An information disclosure exists in 12.3.2, 12.2.6, and 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API...
CVE-2019-5466
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed the new merge requests endpoint to disclose label names...
CVE-2019-15578
An information disclosure exists in 12.3.2, 12.2.6, and 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project that used to be public would be disclosed in the unsubscribe email link of issues and merge requests...
CVE-2019-5465
An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID...
CVE-2019-15586
Removed by vendor...
CVE-2019-20146
Removed by vendor...
CVE-2019-15577
An information disclosure vulnerability exists in GitLab CE/EE v12.3.2, v12.2.6, and v12.1.12 that allowed project milestones to be disclosed via groups browsing...
CVE-2019-15575
A command injection exists in GitLab CE/EE v12.3.2, v12.2.6, and v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope...
CVE-2019-15576
An information disclosure vulnerability exists in GitLab CE/EE v12.3.2, v12.2.6, and v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint...
CVE-2019-5486
Removed by vendor...
CVE-2019-5463
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...