gitlab

1,423 tracked vulnerabilities.

CVE-2019-19256 MEDIUM
GitLab 12.2.0-12.5.0 - Exposure of Sensitive Information via Incorrect Access Control
Jan 03, 2020
CVSS 5.3
EPSS 0.01
CVE-2019-19255 MEDIUM
GitLab 12.3.0-12.5.0 - Incorrect Access Control
Jan 03, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-19311 MEDIUM
GitLab 8.14.0-12.3.6 12.4.3 12.5 - Stored Cross-Site Scripting in Group and Profile Fields
Jan 03, 2020
CVSS 5.4
EPSS 0.01
CVE-2019-19254 MEDIUM
GitLab CE/EE <12.5 - Info Disclosure
Jan 03, 2020
CVSS 5.3
EPSS 0.01
CVE-2019-19088 CRITICAL
GitLab 11.3.0-12.4.2 - Path Traversal
Jan 03, 2020
CVSS 9.8
EPSS 0.02
CVE-2019-19087 MEDIUM
Gitlab EE <12.5.1 - Info Disclosure
Jan 03, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-19086 MEDIUM
Gitlab EE <12.5.1 - Info Disclosure
Jan 03, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-15584 MEDIUM
GitLab < 12.3.2, < 12.2.6, and < 12.1.10 - Denial of Service via Markdown Field Input Validation Bypass
Dec 20, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-5487 MEDIUM
GitLab < 12.1.13 - Improper Access Control via Elasticsearch Group Search
Dec 18, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-5486 HIGH
GitLab <12.3.2, <12.2.6, and <12.1.10 - Authentication Bypass via Salesforce Login Integration
Dec 18, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-5469 MEDIUM
GitLab < 11.11.6, < 12.0.4, < 12.1.2 - Authorization Bypass via Project Archive File Upload
Dec 18, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-15591 MEDIUM
GitLab < 12.3.3 - Unauthenticated Improper Access Control via Merge Request Widget
Dec 18, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-15589 HIGH
GitLab <12.3.2, <12.2.6, <12.1.12 - Improper Access Control via CI/CD Token
Dec 18, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-15580 MEDIUM
GitLab < 12.1.10, < 12.2.6, < 12.3.2 - Unauthenticated Information Exposure via Blocking Merge Request Feature
Dec 18, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-15577 MEDIUM
GitLab <12.3.2, <12.2.6, <12.1.12 - Unauthorized Information Disclosure via Groups Browsing
Dec 18, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-15576 HIGH
GitLab <12.3.2, <12.2.6, <12.1.12 - Unauthenticated Information Disclosure via GraphQL Endpoint
Dec 18, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-15575 HIGH
GitLab <12.3.2, <12.2.6, <12.1.12 - Command Injection via API Blobs Scope
Dec 18, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-18456 MEDIUM
GitLab 8.17.0-12.4.0 - Insecure Permissions in Elasticsearch Search Feature
Nov 26, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-18455 HIGH
GitLab 11.0.0-12.4.0 - Denial of Service via Nested GraphQL Query Loop
Nov 26, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-18454 MEDIUM
GitLab 10.5-12.4 - Cross-Site Scripting in RDoc Wiki Page Link Validation
Nov 26, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-18453 MEDIUM
GitLab 11.6-12.4 - Insecure Permission Assignment in Email Comment Feature
Nov 26, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-18452 MEDIUM
GitLab CE/EE <12.5 - Info Disclosure
Nov 26, 2019
CVSS 5.3
EPSS 0.01
CVE-2019-18451 MEDIUM
GitLab 10.7.4-12.4 - Open Redirect via InternalRedirect Filtering
Nov 26, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-18450 MEDIUM
GitLab < 12.4.0 - Insecure Permissions in Project Labels
Nov 26, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-18449 MEDIUM
GitLab < 12.4.0 - Insecure Permissions in Autocomplete Feature
Nov 26, 2019
CVSS 4.3
EPSS 0.01