Vulnerabilities > Gitlab > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-28 | CVE-2013-4582 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Gitlab and Gitlab-Shell The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface. | 6.5 |
| 2020-01-28 | CVE-2019-5474 | Incorrect Authorization vulnerability in Gitlab An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions. | 6.5 |
| 2020-01-28 | CVE-2019-5466 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names. | 4.3 |
| 2020-01-28 | CVE-2019-5465 | Unspecified vulnerability in Gitlab An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. | 4.3 |
| 2020-01-28 | CVE-2019-15586 | Cross-site Scripting vulnerability in Gitlab A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. | 6.1 |
| 2020-01-28 | CVE-2019-15582 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment. | 5.3 |
| 2020-01-28 | CVE-2019-15581 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules. | 5.3 |
| 2020-01-28 | CVE-2019-15579 | Unspecified vulnerability in Gitlab An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones. | 5.3 |
| 2020-01-28 | CVE-2019-15578 | Information Exposure vulnerability in Gitlab An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). | 5.3 |
| 2020-01-13 | CVE-2019-20144 | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. | 4.3 |