Vulnerabilities > Gitlab > Gitlab > 12.4.0

DATE CVE VULNERABILITY TITLE RISK
2020-01-03 CVE-2019-19255 Unspecified vulnerability in Gitlab
GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control.
network
low complexity
gitlab
4.0
4.0
2020-01-03 CVE-2019-19311 Cross-site Scripting vulnerability in Gitlab
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields.
network
gitlab CWE-79
3.5
3.5
2020-01-03 CVE-2019-19254 Information Exposure vulnerability in Gitlab
GitLab Community Edition (CE) and Enterprise Edition (EE).
network
low complexity
gitlab CWE-200
5.0
5.0
2020-01-03 CVE-2019-19088 Path Traversal vulnerability in Gitlab
Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.
network
low complexity
gitlab CWE-22
7.5
7.5
2020-01-03 CVE-2019-19087 Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).
network
low complexity
gitlab CWE-732
4.0
4.0
2020-01-03 CVE-2019-19086 Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).
network
low complexity
gitlab CWE-732
4.0
4.0
2019-11-26 CVE-2019-18456 Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration..
network
low complexity
gitlab CWE-732
5.0
5.0
2019-11-26 CVE-2019-18455 Infinite Loop vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries.
network
low complexity
gitlab CWE-835
5.0
5.0
2019-11-26 CVE-2019-18454 Cross-site Scripting vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature.
network
gitlab CWE-79
4.3
4.3
2019-11-26 CVE-2019-18453 Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature.
network
low complexity
gitlab CWE-732
4.0
4.0