GitLab 12.0.12 Security Vulnerabilities
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API.
CVSS Score: 5.8
EPSS Score: 0.002
Published: 2020-01-05
GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2020-01-03
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.
CVSS Score: 4.9
EPSS Score: 0.001
Published: 2020-01-03
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2).
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2020-01-03
GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2020-01-03
GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR).
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2020-01-03
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2).
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2020-01-03
GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2020-01-03
GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2020-01-03
GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions.
CVSS Score: 4.3
EPSS Score: 0.0
Published: 2020-01-03

