An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-03-10
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-02-14
GitLab through 12.7.2 allows XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-02-05
GitLab EE 10.1 through 12.7.2 allows Information Disclosure.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
CVSS Score
5.3
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
CVSS Score
9.8
EPSS Score
0.002
Published
2020-02-05
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-01-28