Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2020-03-27 CVE-2020-10954 Resource Exhaustion vulnerability in Gitlab
GitLab through 12.9 is affected by a potential DoS in repository archive download.
network
low complexity
gitlab CWE-400
7.5
7.5
2020-03-27 CVE-2020-10953 Path Traversal vulnerability in Gitlab
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.
network
low complexity
gitlab CWE-22
7.5
7.5
2020-03-27 CVE-2020-10952 Unspecified vulnerability in Gitlab
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
network
low complexity
gitlab
6.5
6.5
2020-03-13 CVE-2020-10077 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
GitLab EE 3.0 through 12.8.1 allows SSRF.
network
low complexity
gitlab CWE-918
critical
 9.8
9.8
2020-03-13 CVE-2020-10076 Cross-site Scripting vulnerability in Gitlab
GitLab 12.1 through 12.8.1 allows XSS.
network
low complexity
gitlab CWE-79
6.1
6.1
2020-03-13 CVE-2020-10075 Cross-site Scripting vulnerability in Gitlab
GitLab 12.5 through 12.8.1 allows HTML Injection.
network
low complexity
gitlab CWE-79
6.1
6.1
2020-03-13 CVE-2020-10074 Unspecified vulnerability in Gitlab
GitLab 10.1 through 12.8.1 has Incorrect Access Control.
network
low complexity
gitlab
critical
 9.8
9.8
2020-03-13 CVE-2020-10073 Unspecified vulnerability in Gitlab
GitLab EE 12.4.2 through 12.8.1 allows Denial of Service.
network
low complexity
gitlab
7.5
7.5
2020-03-13 CVE-2020-10092 Cross-site Scripting vulnerability in Gitlab
GitLab 12.1 through 12.8.1 allows XSS.
network
low complexity
gitlab CWE-79
6.1
6.1
2020-03-13 CVE-2020-10091 Cross-site Scripting vulnerability in Gitlab
GitLab 9.3 through 12.8.1 allows XSS.
network
low complexity
gitlab CWE-79
6.1
6.1