Vulnerabilities > Gitlab > Gitlab > 12.9.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-29 | CVE-2020-12275 | Improper Privilege Management vulnerability in Gitlab GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API. | 5.0 |
| 2020-04-22 | CVE-2020-11649 | Missing Authentication for Critical Function vulnerability in Gitlab An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. | 4.0 |
| 2020-04-22 | CVE-2020-11506 | Information Exposure vulnerability in Gitlab An issue was discovered in GitLab 10.7.0 and later through 12.9.2. | 5.0 |
| 2020-04-22 | CVE-2020-11505 | Information Exposure vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. | 5.0 |
| 2020-03-27 | CVE-2020-10956 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. | 7.5 |
| 2020-03-27 | CVE-2020-10955 | Missing Authorization vulnerability in multiple products GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. | 4.0 |
| 2020-03-27 | CVE-2020-10952 | Incorrect Authorization vulnerability in Gitlab GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. | 5.8 |