An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-03-10
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-03-10
An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-03-10
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-03-06
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-02-14
GitLab through 12.7.2 allows XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-02-05
GitLab EE 10.1 through 12.7.2 allows Information Disclosure.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-05