gitlab

1,423 tracked vulnerabilities.

CVE-2019-12443 CRITICAL
GitLab 10.2-11.11 - Server-Side Request Forgery via DNS Rebinding
Mar 10, 2020
CVSS 9.8
EPSS 0.01
CVE-2019-12442 MEDIUM
GitLab 11.7.0-11.11.0 - Stored Cross-Site Scripting in Epic Details Page
Mar 10, 2020
CVSS 6.1
EPSS 0.01
CVE-2019-12441 HIGH
GitLab 8.4.0-11.11.0 - Incorrect Access Control in Protected Branches Feature
Mar 10, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-12434 MEDIUM
GitLab 10.6-11.11 - Information Disclosure via Issue Link URL Contrast
Mar 10, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-12433 MEDIUM
GitLab 11.7.0-11.11.0 - Improper Input Validation in Restricted Visibility Settings
Mar 10, 2020
CVSS 5.3
EPSS 0.01
CVE-2019-12432 MEDIUM
GitLab 8.13-11.11 - Unauthenticated Information Disclosure via Unsubscription Page
Mar 10, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-12431 MEDIUM
GitLab 8.13.0-11.11.0 - Improper Access Control via Search API
Mar 10, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-12430 HIGH
GitLab 11.11 - Authenticated Remote Command Execution via Repository Download Feature
Mar 10, 2020
CVSS 8.8
EPSS 0.03
CVE-2019-12429 MEDIUM
GitLab CE/EE <11.12 - Info Disclosure
Mar 10, 2020
CVSS 6.5
EPSS 0.01
CVE-2019-12428 CRITICAL
GitLab 6.8.0-11.11.0 - Improper Authorization via Crafted Request
Mar 10, 2020
CVSS 9.8
EPSS 0.01
CVE-2019-12825 MEDIUM
GitLab Enterprise 12.0.0-pre - Privilege Escalation
Feb 17, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-15594 MEDIUM
GitLab < 11.8 - Exposure of Sensitive Pipeline Information via Merge Request Endpoint
Feb 14, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-15592 MEDIUM
GitLab 11.2.0-12.0.7 - Unauthenticated Exposure of Sensitive Information via Activity Timeline
Feb 14, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-5474 MEDIUM
GitLab 11.8.0-11.11.5 - Improper Access Control via Merge Request Approval Rules
Jan 28, 2020
CVSS 6.5
EPSS 0.01
CVE-2019-5472 HIGH
GitLab < 11.11.6, 12.0.0-12.0.3, < 12.1.2 - Improper Privilege Management
Jan 28, 2020
CVSS 7.5
EPSS 0.02
CVE-2019-5470 HIGH
GitLab < 11.11.6, 12.0.4, 12.1.2 - Missing Authorization in Security Dashboard
Jan 28, 2020
CVSS 7.5
EPSS 0.02
CVE-2019-5468 HIGH
GitLab < 11.11.6, 12.0.4, 12.1.2 - Privilege Escalation via Mattermost Slash Commands
Jan 28, 2020
CVSS 8.8
EPSS 0.02
CVE-2019-5466 MEDIUM
GitLab 11.5.0-11.11.7 - Authorization Bypass via Merge Request Endpoint
Jan 28, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-5465 MEDIUM
GitLab 8.14.0-11.11.7 - Exposure of Sensitive Information via Move Issue Feature
Jan 28, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-5464 CRITICAL
GitLab 10.2.0-11.11.7 - Server-Side Request Forgery via DNS Rebinding Protection Bypass
Jan 28, 2020
CVSS 9.8
EPSS 0.03
CVE-2019-5462 HIGH
GitLab 9.0.0-11.11.7 - Insufficient Session Expiration via Trigger Token Rotation
Jan 28, 2020
CVSS 8.8
EPSS 0.03
CVE-2019-15590 HIGH
GitLab < 12.3.5, < 12.2.8, < 12.1.14 - Unauthenticated Private Data Disclosure via Elasticsearch
Jan 28, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-15586 MEDIUM
GitLab 12.1.0-12.1.10 - Stored Cross-Site Scripting in Mermaid Plugin
Jan 28, 2020
CVSS 6.1
EPSS 0.01
CVE-2019-15585 CRITICAL
GitLab < 12.3.2, < 12.2.6, and < 12.1.12 - Account Takeover via SAML Validation Issue
Jan 28, 2020
CVSS 9.8
EPSS 0.02
CVE-2019-15583 HIGH
GitLab < 12.3.2, < 12.2.6, < 12.1.12 - Unauthorized Information Disclosure via Issue Move API
Jan 28, 2020
CVSS 7.5
EPSS 0.01