gitlab
1,423 tracked vulnerabilities.
CVE-2019-12443
CRITICAL
GitLab 10.2-11.11 - Server-Side Request Forgery via DNS Rebinding
Mar 10, 2020
CVSS 9.8
EPSS 0.01
CVE-2019-12442
MEDIUM
GitLab 11.7.0-11.11.0 - Stored Cross-Site Scripting in Epic Details Page
Mar 10, 2020
CVSS 6.1
EPSS 0.01
CVE-2019-12441
HIGH
GitLab 8.4.0-11.11.0 - Incorrect Access Control in Protected Branches Feature
Mar 10, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-12434
MEDIUM
GitLab 10.6-11.11 - Information Disclosure via Issue Link URL Contrast
Mar 10, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-12433
MEDIUM
GitLab 11.7.0-11.11.0 - Improper Input Validation in Restricted Visibility Settings
Mar 10, 2020
CVSS 5.3
EPSS 0.01
CVE-2019-12432
MEDIUM
GitLab 8.13-11.11 - Unauthenticated Information Disclosure via Unsubscription Page
Mar 10, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-12431
MEDIUM
GitLab 8.13.0-11.11.0 - Improper Access Control via Search API
Mar 10, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-12430
HIGH
GitLab 11.11 - Authenticated Remote Command Execution via Repository Download Feature
Mar 10, 2020
CVSS 8.8
EPSS 0.03
CVE-2019-12429
MEDIUM
GitLab CE/EE <11.12 - Info Disclosure
Mar 10, 2020
CVSS 6.5
EPSS 0.01
CVE-2019-12428
CRITICAL
GitLab 6.8.0-11.11.0 - Improper Authorization via Crafted Request
Mar 10, 2020
CVSS 9.8
EPSS 0.01
CVE-2019-12825
MEDIUM
GitLab Enterprise 12.0.0-pre - Privilege Escalation
Feb 17, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-15594
MEDIUM
GitLab < 11.8 - Exposure of Sensitive Pipeline Information via Merge Request Endpoint
Feb 14, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-15592
MEDIUM
GitLab 11.2.0-12.0.7 - Unauthenticated Exposure of Sensitive Information via Activity Timeline
Feb 14, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-5474
MEDIUM
GitLab 11.8.0-11.11.5 - Improper Access Control via Merge Request Approval Rules
Jan 28, 2020
CVSS 6.5
EPSS 0.01
CVE-2019-5472
HIGH
GitLab < 11.11.6, 12.0.0-12.0.3, < 12.1.2 - Improper Privilege Management
Jan 28, 2020
CVSS 7.5
EPSS 0.02
CVE-2019-5470
HIGH
GitLab < 11.11.6, 12.0.4, 12.1.2 - Missing Authorization in Security Dashboard
Jan 28, 2020
CVSS 7.5
EPSS 0.02
CVE-2019-5468
HIGH
GitLab < 11.11.6, 12.0.4, 12.1.2 - Privilege Escalation via Mattermost Slash Commands
Jan 28, 2020
CVSS 8.8
EPSS 0.02
CVE-2019-5466
MEDIUM
GitLab 11.5.0-11.11.7 - Authorization Bypass via Merge Request Endpoint
Jan 28, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-5465
MEDIUM
GitLab 8.14.0-11.11.7 - Exposure of Sensitive Information via Move Issue Feature
Jan 28, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-5464
CRITICAL
GitLab 10.2.0-11.11.7 - Server-Side Request Forgery via DNS Rebinding Protection Bypass
Jan 28, 2020
CVSS 9.8
EPSS 0.03
CVE-2019-5462
HIGH
GitLab 9.0.0-11.11.7 - Insufficient Session Expiration via Trigger Token Rotation
Jan 28, 2020
CVSS 8.8
EPSS 0.03
CVE-2019-15590
HIGH
GitLab < 12.3.5, < 12.2.8, < 12.1.14 - Unauthenticated Private Data Disclosure via Elasticsearch
Jan 28, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-15586
MEDIUM
GitLab 12.1.0-12.1.10 - Stored Cross-Site Scripting in Mermaid Plugin
Jan 28, 2020
CVSS 6.1
EPSS 0.01
CVE-2019-15585
CRITICAL
GitLab < 12.3.2, < 12.2.6, and < 12.1.12 - Account Takeover via SAML Validation Issue
Jan 28, 2020
CVSS 9.8
EPSS 0.02
CVE-2019-15583
HIGH
GitLab < 12.3.2, < 12.2.6, < 12.1.12 - Unauthorized Information Disclosure via Issue Move API
Jan 28, 2020
CVSS 7.5
EPSS 0.01