Max CVSS | 5.8 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2019-10112 | 5.0 | An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived. | 21-07-2021 - 11:39 | 16-05-2019 - 16:29 |
CVE-2019-10640 | 5.0 | An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption. | 24-08-2020 - 17:37 | 15-05-2019 - 19:29 |
CVE-2019-10114 | 5.0 | An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication process, the application attempts to validate a para | 24-08-2020 - 17:37 | 16-05-2019 - 15:29 |
CVE-2019-10116 | 4.0 | An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue. | 24-08-2020 - 17:37 | 16-05-2019 - 15:29 |
CVE-2019-10108 | 5.5 | An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels. | 24-08-2020 - 17:37 | 15-05-2019 - 20:29 |
CVE-2019-10110 | 4.0 | An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on | 24-08-2020 - 17:37 | 15-05-2019 - 20:29 |
CVE-2019-10115 | 4.0 | An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information li | 24-08-2020 - 17:37 | 16-05-2019 - 15:29 |
CVE-2019-10113 | 5.0 | An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects/<id>/languages requests may allow Uncontrolled Resource Consumption. | 16-05-2019 - 19:25 | 16-05-2019 - 15:29 |
CVE-2019-10117 | 5.8 | An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the second | 16-05-2019 - 18:57 | 16-05-2019 - 15:29 |
CVE-2019-10109 | 5.0 | An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a res | 16-05-2019 - 16:10 | 15-05-2019 - 20:29 |
CVE-2019-10111 | 3.5 | An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page. | 16-05-2019 - 01:40 | 15-05-2019 - 20:29 |