User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1
CVSS Score
7.4
EPSS Score
0.001
Published
2020-06-19
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-15
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1
CVSS Score
6.1
EPSS Score
0.003
Published
2020-06-10
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.
CVSS Score
4.8
EPSS Score
0.001
Published
2020-04-29
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-04-22
An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-04-22
GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-04-08
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-04-08
GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-04-08