GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-01-03
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).
CVSS Score
4.3
EPSS Score
0.0
Published
2020-01-03
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).
CVSS Score
4.3
EPSS Score
0.0
Published
2020-01-03
Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-01-03
GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-01-03
An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-12-18
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions.
CVSS Score
4.3
EPSS Score
0.001
Published
2019-11-26
An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Incorrect Access Control.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-11-26
An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2).
CVSS Score
4.3
EPSS Score
0.001
Published
2019-11-26
An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions.
CVSS Score
4.3
EPSS Score
0.001
Published
2019-11-26