Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  Security Vulnerabilities
CVE-2019-5470
An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-01-28
CVE-2019-5472
An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-01-28
CVE-2019-5474
An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-01-28
CVE-2019-15578
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-01-28
CVE-2019-15579
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-01-28
CVE-2019-15581
An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-01-28
CVE-2019-15582
An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-01-28
CVE-2019-15583
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-01-28
CVE-2019-15585
Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-01-28
CVE-2019-15586
A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-01-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved