Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  >> 5.0.0  Security Vulnerabilities
CVE-2019-15594
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-02-14
CVE-2020-7973
GitLab through 12.7.2 allows XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-02-05
CVE-2020-7968
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-05
CVE-2013-4582
The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-01-28
CVE-2013-4583
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-01-28
CVE-2019-19257
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2).
CVSS Score
5.3
EPSS Score
0.001
Published
2020-01-03
CVE-2019-19260
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2).
CVSS Score
5.4
EPSS Score
0.001
Published
2020-01-03
CVE-2019-15584
A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-12-20
CVE-2019-5486
A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements.
CVSS Score
8.8
EPSS Score
0.0
Published
2019-12-18
CVE-2019-5487
An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-12-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved