GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-03-13
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-03-06
In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-17
An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-05
GitLab EE 11.0 and later through 12.7.2 allows XSS.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-02-05
GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-05
GitLab through 12.7.2 allows XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-02-05
GitLab EE 10.1 through 12.7.2 allows Information Disclosure.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-02-05
GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-02-05