Vulnerabilities > Gitlab > High

DATE CVE VULNERABILITY TITLE RISK
2019-09-16 CVE-2019-15722 Allocation of Resources Without Limits or Throttling vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1.
network
low complexity
gitlab CWE-770
7.5
7.5
2019-09-16 CVE-2019-16170 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5.
network
low complexity
gitlab
7.1
7.1
2019-09-09 CVE-2019-6793 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1.
network
high complexity
gitlab CWE-918
7.0
7.0
2019-09-09 CVE-2019-6788 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1.
network
low complexity
gitlab
7.5
7.5
2019-09-09 CVE-2019-6783 Path Traversal vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1.
network
low complexity
gitlab CWE-22
8.8
8.8
2019-09-09 CVE-2019-6782 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1.
network
low complexity
gitlab
7.5
7.5
2019-09-09 CVE-2019-11605 Information Exposure vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3.
network
low complexity
gitlab CWE-200
7.5
7.5
2019-09-09 CVE-2019-5473 Improper Authentication vulnerability in Gitlab 12.0.4/12.1.2
An authentication issue was discovered in GitLab that allowed a bypass of email verification.
network
low complexity
gitlab CWE-287
7.2
7.2
2019-07-10 CVE-2018-19584 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups.
network
low complexity
gitlab CWE-639
7.5
7.5
2019-07-10 CVE-2018-19581 Improper Authorization vulnerability in Gitlab
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create.
network
low complexity
gitlab CWE-285
7.5
7.5