GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).
CVSS Score
4.3
EPSS Score
0.0
Published
2020-02-05
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
CVSS Score
5.3
EPSS Score
0.001
Published
2020-02-05
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
CVSS Score
9.8
EPSS Score
0.002
Published
2020-02-05
The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-01-28
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-01-28
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-01-28
An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-01-28