A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-01-28
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-01-28
An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID.
CVSS Score
4.3
EPSS Score
0.005
Published
2020-01-28
An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-01-13
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-01-13
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-01-13
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-01-13
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-01-05
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API.
CVSS Score
5.8
EPSS Score
0.002
Published
2020-01-05
GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-01-03