An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.
Max CVSS
6.5
EPSS Score
0.07%
Published
2019-12-18
Updated
2020-10-09
An improper access control vulnerability exists in GitLab <v12.3.2, <v12.2.6, <v12.1.12 that would allow a blocked user to use Git clone and pull if they had previously obtained a CI/CD token.
Max CVSS
8.8
EPSS Score
0.07%
Published
2019-12-18
Updated
2019-12-27
An improper access control vulnerability exists in GitLab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits.
Max CVSS
5.3
EPSS Score
0.13%
Published
2019-12-18
Updated
2020-10-22
An authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements.
Max CVSS
8.8
EPSS Score
0.11%
Published
2019-12-18
Updated
2019-12-30
An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.
Max CVSS
7.2
EPSS Score
0.10%
Published
2019-09-09
Updated
2023-02-23
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
Max CVSS
5.3
EPSS Score
0.09%
Published
2019-12-30
Updated
2020-01-08
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create.
Max CVSS
7.5
EPSS Score
0.09%
Published
2019-07-10
Updated
2019-07-11
GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page.
Max CVSS
6.5
EPSS Score
0.06%
Published
2019-07-10
Updated
2019-07-11
GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue.
Max CVSS
5.3
EPSS Score
0.16%
Published
2019-07-10
Updated
2023-03-01
GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential.
Max CVSS
8.1
EPSS Score
0.07%
Published
2019-07-10
Updated
2019-07-11
GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11.
Max CVSS
5.9
EPSS Score
0.18%
Published
2019-07-10
Updated
2019-07-11
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.
Max CVSS
8.8
EPSS Score
0.17%
Published
2019-07-10
Updated
2019-07-11
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone.
Max CVSS
6.5
EPSS Score
0.05%
Published
2019-07-10
Updated
2019-07-11
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names.
Max CVSS
4.3
EPSS Score
0.05%
Published
2019-07-10
Updated
2019-07-11
14 vulnerabilities found