GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-27
GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-03-13
GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-13
GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-03-13
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-13
GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-03-13
GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-03-13
GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace
CVSS Score
5.3
EPSS Score
0.001
Published
2020-03-13
GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-03-13
GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-03-13