Vulnerabilities > Gitlab > Gitlab > 12.2.4

DATE CVE VULNERABILITY TITLE RISK
2020-02-05 CVE-2020-7968 Improper Authentication vulnerability in Gitlab
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.
network
low complexity
gitlab CWE-287
5.0
2020-02-05 CVE-2020-7967 Incorrect Default Permissions vulnerability in Gitlab
GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).
network
low complexity
gitlab CWE-276
4.0
2020-02-05 CVE-2020-7966 Path Traversal vulnerability in Gitlab
GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.
network
low complexity
gitlab CWE-22
5.0
2020-02-05 CVE-2020-8114 Incorrect Default Permissions vulnerability in Gitlab
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
network
low complexity
gitlab CWE-276
7.5
2020-02-05 CVE-2020-7979 Incorrect Default Permissions vulnerability in Gitlab
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
network
gitlab CWE-276
4.3
2020-01-28 CVE-2019-15590 Unspecified vulnerability in Gitlab
An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by the Elasticsearch integration.
network
low complexity
gitlab
5.0
2020-01-28 CVE-2019-15585 Improper Authentication vulnerability in Gitlab
Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE): the GitLab SAML integration had a validation issue that permitted an attacker to take over another user's account.
network
low complexity
gitlab CWE-287
7.5
2020-01-28 CVE-2019-15583 Information Exposure vulnerability in Gitlab
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE).
network
low complexity
gitlab CWE-200
5.0
2020-01-28 CVE-2019-15582 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.
network
low complexity
gitlab CWE-639
5.0
2020-01-28 CVE-2019-15581 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.
network
low complexity
gitlab CWE-639
5.0