Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2020-04-29 CVE-2020-12275 Unspecified vulnerability in Gitlab
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.
network
low complexity
gitlab
5.3
2020-04-22 CVE-2020-11649 Missing Authentication for Critical Function vulnerability in Gitlab
An issue was discovered in GitLab CE and EE 8.15 through 12.9.2.
network
low complexity
gitlab CWE-306
6.5
2020-04-22 CVE-2020-11506 HTTP Request Smuggling vulnerability in Gitlab
An issue was discovered in GitLab 10.7.0 and later through 12.9.2.
network
low complexity
gitlab CWE-444
7.5
2020-04-22 CVE-2020-11505 HTTP Request Smuggling vulnerability in Gitlab
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3.
network
low complexity
gitlab CWE-444
7.5
2020-04-08 CVE-2020-10981 Unspecified vulnerability in Gitlab
GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project.
network
low complexity
gitlab
4.3
2020-04-08 CVE-2020-10980 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.
network
low complexity
gitlab CWE-918
critical
9.8
2020-04-08 CVE-2020-10979 Unspecified vulnerability in Gitlab
GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users.
network
low complexity
gitlab
4.3
2020-04-08 CVE-2020-10978 Unspecified vulnerability in Gitlab
GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API.
network
low complexity
gitlab
5.3
2020-04-08 CVE-2020-10977 Path Traversal vulnerability in Gitlab
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.
local
low complexity
gitlab CWE-22
5.5
2020-04-08 CVE-2020-10976 Information Exposure vulnerability in Gitlab
GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget.
network
low complexity
gitlab CWE-200
7.5