Vulnerabilities > Gitlab > Gitlab > 12.8.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-22 | CVE-2020-11505 | Information Exposure vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. | 5.0 |
| 2020-04-08 | CVE-2020-10981 | Improper Input Validation vulnerability in Gitlab GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project. | 4.0 |
| 2020-04-08 | CVE-2020-10980 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. | 7.5 |
| 2020-04-08 | CVE-2020-10979 | Information Exposure vulnerability in Gitlab GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users. | 4.0 |
| 2020-04-08 | CVE-2020-10978 | Information Exposure vulnerability in Gitlab GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API. | 5.0 |
| 2020-04-08 | CVE-2020-10977 | Path Traversal vulnerability in Gitlab GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects. | 5.5 |
| 2020-04-08 | CVE-2020-10976 | Information Exposure vulnerability in Gitlab GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget. | 5.0 |
| 2020-04-08 | CVE-2020-10975 | Information Exposure vulnerability in Gitlab GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. | 4.0 |
| 2020-03-27 | CVE-2020-10956 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. | 7.5 |
| 2020-03-27 | CVE-2020-10955 | Missing Authorization vulnerability in multiple products GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. | 4.0 |