An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-03-10
An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained a access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-03-10
An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-03-10
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-02-14
GitLab through 12.7.2 allows XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-02-05
GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
CVSS Score
5.3
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
CVSS Score
9.8
EPSS Score
0.002
Published
2020-02-05