gitlab
1,423 tracked vulnerabilities.
CVE-2019-19256
MEDIUM
GitLab 12.2.0-12.5.0 - Exposure of Sensitive Information via Incorrect Access Control
Jan 03, 2020
CVSS 5.3
EPSS 0.01
CVE-2019-19255
MEDIUM
GitLab 12.3.0-12.5.0 - Incorrect Access Control
Jan 03, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-19311
MEDIUM
GitLab 8.14.0-12.3.6 12.4.3 12.5 - Stored Cross-Site Scripting in Group and Profile Fields
Jan 03, 2020
CVSS 5.4
EPSS 0.01
CVE-2019-19254
MEDIUM
GitLab CE/EE <12.5 - Info Disclosure
Jan 03, 2020
CVSS 5.3
EPSS 0.01
CVE-2019-19088
CRITICAL
GitLab 11.3.0-12.4.2 - Path Traversal
Jan 03, 2020
CVSS 9.8
EPSS 0.02
CVE-2019-19087
MEDIUM
Gitlab EE <12.5.1 - Info Disclosure
Jan 03, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-19086
MEDIUM
Gitlab EE <12.5.1 - Info Disclosure
Jan 03, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-15584
MEDIUM
GitLab < 12.3.2, < 12.2.6, and < 12.1.10 - Denial of Service via Markdown Field Input Validation Bypass
Dec 20, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-5487
MEDIUM
GitLab < 12.1.13 - Improper Access Control via Elasticsearch Group Search
Dec 18, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-5486
HIGH
GitLab <12.3.2, <12.2.6, and <12.1.10 - Authentication Bypass via Salesforce Login Integration
Dec 18, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-5469
MEDIUM
GitLab < 11.11.6, < 12.0.4, < 12.1.2 - Authorization Bypass via Project Archive File Upload
Dec 18, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-15591
MEDIUM
GitLab < 12.3.3 - Unauthenticated Improper Access Control via Merge Request Widget
Dec 18, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-15589
HIGH
GitLab <12.3.2, <12.2.6, <12.1.12 - Improper Access Control via CI/CD Token
Dec 18, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-15580
MEDIUM
GitLab < 12.1.10, < 12.2.6, < 12.3.2 - Unauthenticated Information Exposure via Blocking Merge Request Feature
Dec 18, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-15577
MEDIUM
GitLab <12.3.2, <12.2.6, <12.1.12 - Unauthorized Information Disclosure via Groups Browsing
Dec 18, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-15576
HIGH
GitLab <12.3.2, <12.2.6, <12.1.12 - Unauthenticated Information Disclosure via GraphQL Endpoint
Dec 18, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-15575
HIGH
GitLab <12.3.2, <12.2.6, <12.1.12 - Command Injection via API Blobs Scope
Dec 18, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-18456
MEDIUM
GitLab 8.17.0-12.4.0 - Insecure Permissions in Elasticsearch Search Feature
Nov 26, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-18455
HIGH
GitLab 11.0.0-12.4.0 - Denial of Service via Nested GraphQL Query Loop
Nov 26, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-18454
MEDIUM
GitLab 10.5-12.4 - Cross-Site Scripting in RDoc Wiki Page Link Validation
Nov 26, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-18453
MEDIUM
GitLab 11.6-12.4 - Insecure Permission Assignment in Email Comment Feature
Nov 26, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-18452
MEDIUM
GitLab CE/EE <12.5 - Info Disclosure
Nov 26, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-18451
MEDIUM
GitLab 10.7.4-12.4 - Open Redirect via InternalRedirect Filtering
Nov 26, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-18450
MEDIUM
GitLab < 12.4.0 - Insecure Permissions in Project Labels
Nov 26, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-18449
MEDIUM
GitLab < 12.4.0 - Insecure Permissions in Autocomplete Feature
Nov 26, 2019
CVSS 4.3
EPSS 0.01