CVE-2019-15575

A command injection exists in GitLab CE/EE v12.3.2, v12.2.6, and v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope...

CVE-2019-5463

An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...

PT-2019-17691 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 11.11.6 GitLab CE/EE versions prior to 12.0.4 GitLab CE/EE versions prior to 12.1.2 Description: An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint, which could result in disclosu...

CVE-2018-19574

GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page...

Improper access control

GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential...

CVE-2018-19576

Removed by vendor...

PT-2019-9866 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.0 up to 11.3.10 GitLab CE/EE versions 11.4 up to 11.4.7 GitLab CE/EE versions 11.5 up to 11.5.0 Description: The issue allows administrators with access to the logs to see another user's token, as access tokens are...

CVE-2018-12605

An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'urlfor' contained a XSS issue due to it allowing arbitrary protocols as a parameter...