CVE-2019-19312
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API...
Remote code execution
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions...
CVE-2019-19256
Removed by vendor...
CVE-2019-19311
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields...
CVE-2019-5487
An improper access control vulnerability exists in Gitlab EE v12.3.3, v12.2.7, & v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits...
CVE-2019-5467
An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6...
PT-2019-17692 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 11.11.6 GitLab CE/EE versions prior to 12.0.4 GitLab CE/EE versions prior to 12.1.2 Description: An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature, which could...
CVE-2018-19584
GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...
CVE-2018-19579
GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1...
CVE-2018-19578
GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page...
CVE-2018-19579
Removed by vendor...
CVE-2018-19582
Removed by vendor...
CVE-2018-19571
GitLab CE/EE is affected by CVE-2018-19571 (SSRF in webhooks) affecting versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1. Connected documents show public exploit entries indicating this SSRF can lead to remote code execution in GitLab 11.4.7/11.4.x and authentic...
CVE-2018-19856
GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API...
CVE-2018-18843
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF...