Vulnerabilities > Gitlab
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-08 | CVE-2020-10976 | Information Exposure vulnerability in Gitlab GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget. | 7.5 |
| 2020-04-08 | CVE-2020-10975 | Unspecified vulnerability in Gitlab GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. | 4.3 |
| 2020-03-27 | CVE-2020-10956 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. | 9.8 |
| 2020-03-27 | CVE-2020-10955 | Missing Authorization vulnerability in multiple products GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. | 6.5 |
| 2020-03-27 | CVE-2020-10954 | Resource Exhaustion vulnerability in Gitlab GitLab through 12.9 is affected by a potential DoS in repository archive download. | 7.5 |
| 2020-03-27 | CVE-2020-10953 | Path Traversal vulnerability in Gitlab In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. | 7.5 |
| 2020-03-27 | CVE-2020-10952 | Unspecified vulnerability in Gitlab GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. | 6.5 |
| 2020-03-13 | CVE-2020-10077 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab GitLab EE 3.0 through 12.8.1 allows SSRF. | 9.8 |
| 2020-03-13 | CVE-2020-10076 | Cross-site Scripting vulnerability in Gitlab GitLab 12.1 through 12.8.1 allows XSS. | 6.1 |
| 2020-03-13 | CVE-2020-10075 | Cross-site Scripting vulnerability in Gitlab GitLab 12.5 through 12.8.1 allows HTML Injection. | 6.1 |