Vulnerabilities > Gitlab > Gitlab > 12.7.4

DATE CVE VULNERABILITY TITLE RISK
2020-03-27 CVE-2020-10953 Path Traversal vulnerability in Gitlab
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.
network
low complexity
gitlab CWE-22
5.0
5.0
2020-03-27 CVE-2020-10952 Incorrect Authorization vulnerability in Gitlab
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
network
gitlab CWE-863
5.8
5.8
2020-03-13 CVE-2020-10077 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
GitLab EE 3.0 through 12.8.1 allows SSRF.
network
low complexity
gitlab CWE-918
7.5
7.5
2020-03-13 CVE-2020-10076 Cross-site Scripting vulnerability in Gitlab
GitLab 12.1 through 12.8.1 allows XSS.
network
gitlab CWE-79
4.3
4.3
2020-03-13 CVE-2020-10075 Injection vulnerability in Gitlab
GitLab 12.5 through 12.8.1 allows HTML Injection.
network
gitlab CWE-74
5.8
5.8
2020-03-13 CVE-2020-10074 Unspecified vulnerability in Gitlab
GitLab 10.1 through 12.8.1 has Incorrect Access Control.
network
low complexity
gitlab
7.5
7.5
2020-03-13 CVE-2020-10073 Missing Authorization vulnerability in Gitlab
GitLab EE 12.4.2 through 12.8.1 allows Denial of Service.
network
low complexity
gitlab CWE-862
5.0
5.0
2020-03-13 CVE-2020-10092 Cross-site Scripting vulnerability in Gitlab
GitLab 12.1 through 12.8.1 allows XSS.
network
gitlab CWE-79
4.3
4.3
2020-03-13 CVE-2020-10091 Cross-site Scripting vulnerability in Gitlab
GitLab 9.3 through 12.8.1 allows XSS.
network
gitlab CWE-79
4.3
4.3
2020-03-13 CVE-2020-10090 Information Exposure vulnerability in Gitlab
GitLab 11.7 through 12.8.1 allows Information Disclosure.
network
low complexity
gitlab CWE-200
5.0
5.0