Vulnerabilities > Gitlab > High

DATE CVE VULNERABILITY TITLE RISK
2020-01-28 CVE-2019-15590 Unspecified vulnerability in Gitlab
An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by the Elasticsearch integration.
network
low complexity
gitlab
7.5
2020-01-28 CVE-2019-15583 Information Exposure vulnerability in Gitlab
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE).
network
low complexity
gitlab CWE-200
7.5
2020-01-05 CVE-2019-19629 Unspecified vulnerability in Gitlab
In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration.
network
low complexity
gitlab
7.5
2020-01-05 CVE-2019-19314 Cleartext Storage of Sensitive Information vulnerability in Gitlab
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.
network
low complexity
gitlab CWE-312
7.5
2020-01-05 CVE-2019-19313 Improper Handling of Exceptional Conditions vulnerability in Gitlab
GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service.
network
low complexity
gitlab CWE-755
7.5
2020-01-03 CVE-2019-19261 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF.
network
low complexity
gitlab CWE-918
8.8
2019-12-30 CVE-2018-20499 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1.
network
low complexity
gitlab CWE-918
7.2
2019-12-30 CVE-2018-20494 Incorrect Authorization vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1.
network
low complexity
gitlab CWE-863
7.5
2019-12-18 CVE-2019-5486 Improper Authentication vulnerability in Gitlab
An authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements.
network
low complexity
gitlab CWE-287
8.8
2019-12-18 CVE-2019-15589 Unspecified vulnerability in Gitlab
An improper access control vulnerability exists in GitLab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user to use git clone and pull if they had obtained a CI/CD token before.
network
low complexity
gitlab
8.8