Gitlab: >> Gitlab >> 11.13.14 Security Vulnerabilities
An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-03-10
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-03-06
GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline.
CVSS Score
4.3
EPSS Score
0.007
Published
2020-02-14
An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-05
GitLab EE 11.0 and later through 12.7.2 allows XSS.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-02-05
GitLab through 12.7.2 allows XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-02-05
GitLab EE 10.1 through 12.7.2 allows Information Disclosure.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-02-05
GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-05