Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2020-01-28 CVE-2019-15586 Cross-site Scripting vulnerability in Gitlab
A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin.
network
gitlab CWE-79
4.3
4.3
2020-01-28 CVE-2019-15585 Improper Authentication vulnerability in Gitlab
Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account.
network
low complexity
gitlab CWE-287
7.5
7.5
2020-01-28 CVE-2019-15583 Information Exposure vulnerability in Gitlab
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE).
network
low complexity
gitlab CWE-200
5.0
5.0
2020-01-28 CVE-2019-15582 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.
network
low complexity
gitlab CWE-639
5.0
5.0
2020-01-28 CVE-2019-15581 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.
network
low complexity
gitlab CWE-639
5.0
5.0
2020-01-28 CVE-2019-15579 Unspecified vulnerability in Gitlab
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones.
network
low complexity
gitlab
5.0
5.0
2020-01-28 CVE-2019-15578 Information Exposure vulnerability in Gitlab
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE).
network
low complexity
gitlab CWE-200
5.0
5.0
2020-01-13 CVE-2019-20144 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1.
network
low complexity
gitlab
4.0
4.0
2020-01-13 CVE-2019-20143 Missing Authentication for Critical Function vulnerability in Gitlab 12.6.0
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6.
network
low complexity
gitlab CWE-306
5.0
5.0
2020-01-13 CVE-2019-20142 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1.
network
low complexity
gitlab
4.0
4.0