Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2020-02-05 CVE-2020-7973 Cross-site Scripting vulnerability in Gitlab
GitLab through 12.7.2 allows XSS.
network
gitlab CWE-79
4.3
4.3
2020-02-05 CVE-2020-7972 Incorrect Default Permissions vulnerability in Gitlab
GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).
network
low complexity
gitlab CWE-276
5.0
5.0
2020-02-05 CVE-2020-7971 Cross-site Scripting vulnerability in Gitlab
GitLab EE 11.0 and later through 12.7.2 allows XSS.
network
gitlab CWE-79
4.3
4.3
2020-02-05 CVE-2020-7969 Information Exposure vulnerability in Gitlab
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.
network
low complexity
gitlab CWE-200
5.0
5.0
2020-02-05 CVE-2020-7968 Improper Authentication vulnerability in Gitlab
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.
network
low complexity
gitlab CWE-287
5.0
5.0
2020-02-05 CVE-2020-7967 Incorrect Default Permissions vulnerability in Gitlab
GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).
network
low complexity
gitlab CWE-276
4.0
4.0
2020-02-05 CVE-2020-7966 Path Traversal vulnerability in Gitlab
GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.
network
low complexity
gitlab CWE-22
5.0
5.0
2020-02-05 CVE-2020-8114 Incorrect Default Permissions vulnerability in Gitlab
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
network
low complexity
gitlab CWE-276
7.5
7.5
2020-02-05 CVE-2020-7979 Incorrect Default Permissions vulnerability in Gitlab
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
network
gitlab CWE-276
4.3
4.3
2020-01-28 CVE-2013-4583 Improper Privilege Management vulnerability in Gitlab and Gitlab-Shell
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.
network
low complexity
gitlab CWE-269
6.5
6.5