Vulnerabilities > Gitlab > High

DATE CVE VULNERABILITY TITLE RISK
2019-12-18 CVE-2019-15576 Missing Authorization vulnerability in Gitlab
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint.
network
low complexity
gitlab CWE-862
7.5
7.5
2019-12-18 CVE-2019-15575 Command Injection vulnerability in Gitlab
A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope.
network
low complexity
gitlab CWE-77
7.5
7.5
2019-11-26 CVE-2019-18455 Infinite Loop vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries.
network
low complexity
gitlab CWE-835
7.5
7.5
2019-11-26 CVE-2019-18457 Improper Preservation of Permissions vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens..
network
low complexity
gitlab CWE-281
8.8
8.8
2019-11-26 CVE-2019-18460 Information Exposure vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration.
network
low complexity
gitlab CWE-200
7.5
7.5
2019-09-17 CVE-2019-15729 Incorrect Authorization vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1.
network
low complexity
gitlab CWE-863
7.5
7.5
2019-09-16 CVE-2019-15736 Allocation of Resources Without Limits or Throttling vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1.
network
low complexity
gitlab CWE-770
7.5
7.5
2019-09-16 CVE-2019-15730 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1.
network
low complexity
gitlab CWE-918
7.5
7.5
2019-09-16 CVE-2019-15728 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1.
network
low complexity
gitlab CWE-918
7.5
7.5
2019-09-16 CVE-2019-15725 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1.
network
low complexity
gitlab CWE-639
7.5
7.5