Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  Security Vulnerabilities
CVE-2020-10075
GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-03-13
CVE-2020-10076
GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-03-13
CVE-2020-10077
GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-13
CVE-2020-10073
GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-03-13
CVE-2020-10074
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-13
CVE-2020-10092
GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-03-13
CVE-2020-10082
GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-03-13
CVE-2020-10083
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.
CVSS Score
9.1
EPSS Score
0.001
Published
2020-03-13
CVE-2020-10084
GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace
CVSS Score
5.3
EPSS Score
0.001
Published
2020-03-13
CVE-2020-10085
GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-03-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved