GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-03-27
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-27
GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-03-13
GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-03-13
GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-13
GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-03-13
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-13
GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-03-13
GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-03-13
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.
CVSS Score
9.1
EPSS Score
0.001
Published
2020-03-13