Vulnerabilities > Gitlab > Gitlab > 11.11.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-28 | CVE-2019-5464 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. | 7.5 |
2020-01-28 | CVE-2019-5462 | Insufficient Session Expiration vulnerability in Gitlab A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. | 6.8 |
2020-01-13 | CVE-2019-20144 | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. | 4.0 |
2020-01-13 | CVE-2020-6832 | Information Exposure vulnerability in Gitlab An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. | 5.0 |
2020-01-13 | CVE-2020-5197 | Incorrect Authorization vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. | 3.5 |
2020-01-13 | CVE-2019-20148 | Information Exposure vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. | 4.3 |
2020-01-13 | CVE-2019-20147 | Information Exposure vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. | 5.0 |
2020-01-13 | CVE-2019-20146 | Resource Exhaustion vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. | 5.0 |
2020-01-13 | CVE-2019-20145 | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. | 4.0 |
2020-01-05 | CVE-2019-19629 | Information Exposure vulnerability in Gitlab In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration. | 5.0 |