An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-01-13
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-01-13
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-01-13
GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-01-05
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-01-05
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.
CVSS Score
9.8
EPSS Score
0.021
Published
2020-01-05
In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-01-05
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API.
CVSS Score
5.8
EPSS Score
0.001
Published
2020-01-05
GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-01-03
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.
CVSS Score
4.9
EPSS Score
0.001
Published
2020-01-03