Vulnerabilities > Gitlab > Gitlab > 12.2.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-05 | CVE-2020-7968 | Improper Authentication vulnerability in Gitlab GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. | 5.0 |
2020-02-05 | CVE-2020-7967 | Incorrect Default Permissions vulnerability in Gitlab GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). | 4.0 |
2020-02-05 | CVE-2020-7966 | Path Traversal vulnerability in Gitlab GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. | 5.0 |
2020-02-05 | CVE-2020-8114 | Incorrect Default Permissions vulnerability in Gitlab GitLab EE 8.9 and later through 12.7.2 has Insecure Permission | 7.5 |
2020-02-05 | CVE-2020-7979 | Incorrect Default Permissions vulnerability in Gitlab GitLab EE 8.9 and later through 12.7.2 has Insecure Permission | 4.3 |
2020-01-28 | CVE-2019-15590 | Unspecified vulnerability in Gitlab An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration | 5.0 |
2020-01-28 | CVE-2019-15585 | Improper Authentication vulnerability in Gitlab Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account. | 7.5 |
2020-01-28 | CVE-2019-15583 | Information Exposure vulnerability in Gitlab An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). | 5.0 |
2020-01-28 | CVE-2019-15582 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment. | 5.0 |
2020-01-28 | CVE-2019-15581 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules. | 5.0 |