An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-04-22
GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-04-08
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-04-08
GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-04-08
GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-04-08
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.
CVSS Score
5.5
EPSS Score
0.074
Published
2020-04-08
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-03-27
GitLab through 12.9 is affected by a potential DoS in repository archive download.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-03-27
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-27
GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-13