17 matches found
CVE-2020-10975
GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page...
CVE-2019-5470
An information disclosure issue was discovered in GitLab versions 12.1.2, 12.0.4, and 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information...
CVE-2012-6102
lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments aka feedback comments of arbitrary users via a crafted URI...
PT-2020-12460 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 10.8 through 12.9 Description: The issue is related to the leakage of metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. Recommendations: For GitLab EE/CE versions 10.8...
FreeBSD : Gitlab -- Multiple Vulnerabilities (08fba28b-6f9f-11ea-bd0b-001b217b3468)
Gitlab reports: Arbitrary File Read when Moving an Issue; Path Traversal in NPM Package Registry; SSRF on Project Import; External Users Can Create Personal Snippet; Triggers Description Can be Updated by Other Maintainers in Project; Information Disclosure on Confidential Issues Moved to Private...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Arbitrary File Read when Moving an Issue; Path Traversal in NPM Package Registry; SSRF on Project Import; External Users Can Create Personal Snippet; Triggers Description Can be Updated by Other Maintainers in Project; Information Disclosure on Confidential Issues Moved to Private...
GitLab Information Disclosure Vulnerability (CNVD-2020-17382)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. A security vulnerability exists in GitLab Enterprise Edition versions 11.6 through 12.8.1. An...
CVE-2020-10084
GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerabilityfeedback endpoint could result in the exposure of a private project namespace...
CVE-2020-10084
GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerabilityfeedback endpoint could result in the exposure of a private project namespace...
Information disclosure
GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerabilityfeedback endpoint could result in the exposure of a private project namespace...
PT-2020-11909 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.6 through 12.8.1 Description: The issue allows information disclosure by sending a specially crafted request to the "vulnerability feedback" endpoint, potentially exposing a private project namespace. Recommendations: Fo...
CVE-2019-5470
An information disclosure issue was discovered in GitLab versions 12.1.2, 12.0.4, and 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information...
Information disclosure
An information disclosure issue was discovered in GitLab versions 12.1.2, 12.0.4, and 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information...
CVE-2019-5470
GitLab CVE-2019-5470 is an information-disclosure vulnerability affecting GitLab releases before 12.1.2, 12.0.4, and 11.11.6 in the security dashboard, potentially exposing vulnerability feedback information. The cited sources confirm the affected version ranges and that exploitation would involv...
CVE-2019-5470
Removed by vendor...
CVE-2019-5470
An information disclosure issue was discovered in GitLab versions 12.1.2, 12.0.4, and 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information...
zooplus.no XSS vulnerability
Vulnerable URL: http://www.zooplus.no/feedback/form/shop"onmouseover="prompt'XSSPOSED'
Details:

Description | Value
---|---
Patched: | Yes, at 23.03.2016
Latest check for patch: | 23.03.2016 13:23 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 1191299

Google...