Max CVSS: 7.5 | Min CVSS: 2.1 | Total Count: 2
ID | CVSS | Summary | Last (major) update | Published
CVE-2018-20144 5.0
GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control.
03-10-2019 - 00:03 28-03-2019 - 15:29
CVE-2018-19359 6.5
GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control.
03-10-2019 - 00:03 25-04-2019 - 21:29
CVE-2019-7549 4.0
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines feature is vulnerable to authorization issues that
09-09-2019 - 21:15 29-05-2019 - 16:29
CVE-2019-7155 4.0
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. A user retains their role within a project in a private group after
09-09-2019 - 20:15 16-04-2019 - 22:29
CVE-2019-6796 4.3
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results
09-09-2019 - 20:15 11-04-2019 - 20:29
CVE-2019-6790 4.0
An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge req
09-09-2019 - 20:15 17-05-2019 - 16:29
CVE-2019-6781 5.0
An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notificati
09-09-2019 - 20:15 17-05-2019 - 16:29
CVE-2019-9866 4.0
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure.
09-09-2019 - 19:15 29-05-2019 - 17:29
CVE-2019-7353 6.4
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of othe
09-09-2019 - 19:15 17-05-2019 - 17:29
CVE-2019-9177 5.0
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
03-09-2019 - 23:15 29-05-2019 - 16:29
CVE-2019-9221 2.1
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5).
29-05-2019 - 19:45 29-05-2019 - 17:29
CVE-2019-9218 7.5
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5).
29-05-2019 - 19:44 29-05-2019 - 16:29
CVE-2019-9485 7.5
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
29-05-2019 - 19:38 29-05-2019 - 17:29
CVE-2019-9732 7.5
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.
29-05-2019 - 19:29 29-05-2019 - 17:29
CVE-2019-6787 4.0
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other proje
20-05-2019 - 19:26 17-05-2019 - 16:29
CVE-2018-20500 5.0
An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was
20-05-2019 - 16:53 17-05-2019 - 16:29
CVE-2018-19585 5.0
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
20-05-2019 - 16:48 17-05-2019 - 16:29
CVE-2019-6797 5.0
An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI.
20-05-2019 - 14:37 17-05-2019 - 16:29
CVE-2019-10115 4.0
An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information li
16-05-2019 - 19:28 16-05-2019 - 15:29
CVE-2019-10113 5.0
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects/<id>/languages requests may allow Uncontrolled Resource Consumption.
16-05-2019 - 19:25 16-05-2019 - 15:29
CVE-2019-10114 5.0
An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication process, the application attempts to validate a para
16-05-2019 - 19:14 16-05-2019 - 15:29
CVE-2019-10117 5.8
An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the second
16-05-2019 - 18:57 16-05-2019 - 15:29
CVE-2019-10112 5.0
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.
16-05-2019 - 18:53 16-05-2019 - 16:29
CVE-2019-10116 4.0
An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.
16-05-2019 - 18:23 16-05-2019 - 15:29
CVE-2019-10109 5.0
An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a res
16-05-2019 - 16:10 15-05-2019 - 20:29
CVE-2019-10108 5.5
An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels.
16-05-2019 - 16:04 15-05-2019 - 20:29
CVE-2019-10640 5.0
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.
16-05-2019 - 15:57 15-05-2019 - 19:29
CVE-2019-10110 4.0
An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on
16-05-2019 - 15:49 15-05-2019 - 20:29
CVE-2019-10111 3.5
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page.
16-05-2019 - 01:40 15-05-2019 - 20:29
CVE-2019-11000 4.0
An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure.
13-05-2019 - 17:29 10-05-2019 - 20:29
CVE-2018-18643 4.3
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.
26-04-2019 - 18:15 25-04-2019 - 21:29
CVE-2019-9223 5.0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure.
18-04-2019 - 17:41 17-04-2019 - 17:29
CVE-2019-9217 7.5
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information.
17-04-2019 - 20:40 17-04-2019 - 17:29
CVE-2019-9174 7.5
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF.
17-04-2019 - 20:33 17-04-2019 - 17:29
CVE-2019-9756 7.5
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732.
17-04-2019 - 20:20 17-04-2019 - 17:29
CVE-2019-9176 5.8
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF.
17-04-2019 - 20:08 17-04-2019 - 17:29
CVE-2019-9222 5.5
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
17-04-2019 - 20:00 17-04-2019 - 17:29
CVE-2019-9179 4.3
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5).
17-04-2019 - 19:48 17-04-2019 - 17:29
CVE-2019-9178 5.0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 4 of 5).
17-04-2019 - 19:47 17-04-2019 - 17:29
CVE-2019-9175 5.0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5).
17-04-2019 - 19:42 17-04-2019 - 17:29
CVE-2019-9172 4.3
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 2 of 5).
17-04-2019 - 19:39 17-04-2019 - 17:29
CVE-2019-9171 4.3
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5).
17-04-2019 - 19:35 17-04-2019 - 17:29
CVE-2019-9225 5.0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5).
17-04-2019 - 19:26 17-04-2019 - 17:29
CVE-2019-9224 5.0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5).
17-04-2019 - 19:18 17-04-2019 - 17:29
CVE-2019-9219 4.3
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5).
17-04-2019 - 19:16 17-04-2019 - 17:29
CVE-2019-9170 5.0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.
17-04-2019 - 19:12 17-04-2019 - 17:29
CVE-2019-9220 5.0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption.
17-04-2019 - 18:38 17-04-2019 - 17:29
CVE-2019-9890 6.4
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
17-04-2019 - 18:25 17-04-2019 - 17:29
CVE-2019-6240 5.0
An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.
26-03-2019 - 16:44 25-03-2019 - 17:29