Vulnerabilities > Gitlab

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2020-01-03 | CVE-2019-19311 | Cross-site Scripting vulnerability in Gitlab | GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. | network, low complexity, gitlab, CWE-79 | 5.4 |
| 2020-01-03 | CVE-2019-19254 | Information Exposure vulnerability in Gitlab | GitLab Community Edition (CE) and Enterprise Edition (EE). | network, low complexity, gitlab, CWE-200 | 5.3 |
| 2020-01-03 | CVE-2019-19088 | Path Traversal vulnerability in Gitlab | Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal. | network, low complexity, gitlab, CWE-22, critical | 9.8 |
| 2020-01-03 | CVE-2019-19087 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab | Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2). | network, low complexity, gitlab, CWE-732 | 4.3 |
| 2020-01-03 | CVE-2019-19086 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab | Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). | network, low complexity, gitlab, CWE-732 | 4.3 |
| 2019-12-30 | CVE-2018-20507 | Missing Authentication for Critical Function vulnerability in Gitlab | An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. | network, low complexity, gitlab, CWE-306 | 5.3 |
| 2019-12-30 | CVE-2018-20501 | Missing Authorization vulnerability in Gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. | network, low complexity, gitlab, CWE-862 | 6.3 |
| 2019-12-30 | CVE-2018-20499 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. | network, low complexity, gitlab, CWE-918 | 7.2 |
| 2019-12-30 | CVE-2018-20498 | Incorrect Authorization vulnerability in Gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. | network, low complexity, gitlab, CWE-863 | 4.3 |
| 2019-12-30 | CVE-2018-20497 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. | network, low complexity, gitlab, CWE-918 | 5.0 |