Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2020-02-05 CVE-2020-7971 Cross-site Scripting vulnerability in Gitlab
GitLab EE 11.0 and later through 12.7.2 allows XSS.
network
low complexity
gitlab CWE-79
6.1
6.1
2020-02-05 CVE-2020-7969 Unspecified vulnerability in Gitlab
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.
network
low complexity
gitlab
7.5
7.5
2020-02-05 CVE-2020-7968 Missing Authorization vulnerability in Gitlab
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.
network
low complexity
gitlab CWE-862
7.5
7.5
2020-02-05 CVE-2020-7967 Incorrect Default Permissions vulnerability in Gitlab
GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).
network
low complexity
gitlab CWE-276
4.3
4.3
2020-02-05 CVE-2020-7966 Path Traversal vulnerability in Gitlab
GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.
network
low complexity
gitlab CWE-22
7.5
7.5
2020-02-05 CVE-2020-8114 Incorrect Default Permissions vulnerability in Gitlab
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
network
low complexity
gitlab CWE-276
critical
 9.8
9.8
2020-02-05 CVE-2020-7979 Incorrect Default Permissions vulnerability in Gitlab
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
network
low complexity
gitlab CWE-276
5.3
5.3
2020-01-28 CVE-2013-4583 Improper Privilege Management vulnerability in Gitlab and Gitlab-Shell
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories.
network
low complexity
gitlab CWE-269
8.8
8.8
2020-01-28 CVE-2013-4582 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gitlab and Gitlab-Shell
The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.
network
low complexity
gitlab CWE-829
6.5
6.5
2020-01-28 CVE-2019-5474 Incorrect Authorization vulnerability in Gitlab
An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions.
network
low complexity
gitlab CWE-863
6.5
6.5