Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  Security Vulnerabilities
CVE-2019-15582
An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-01-28
CVE-2019-15583
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-01-28
CVE-2019-15585
Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-01-28
CVE-2019-15586
A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-01-28
CVE-2019-15590
An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration
CVSS Score
7.5
EPSS Score
0.001
Published
2020-01-28
CVE-2019-5462
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-01-28
CVE-2019-5464
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-01-28
CVE-2019-5465
An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID.
CVSS Score
4.3
EPSS Score
0.005
Published
2020-01-28
CVE-2019-20142
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-01-13
CVE-2019-20143
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-01-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved