GitLab CE/EE vulnerabilities

9 known vulnerabilities affecting gitlab_ce/ee.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 5

Vulnerabilities

CVE-2019-5466 | MEDIUM | CVSS 4.3 | Affects GitLab CE/EE 11.5 and later; fixed in 12.1.2, 12.0.4 and 11.11.6 | Published 2020-01-28
CWE-639: An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed the new merge requests endpoint to disclose label names.
Source: NVD

CVE-2019-15584 | MEDIUM | CVSS 6.5 | Fixed in 12.3.2, 12.2.6 and 12.1.10 | Published 2019-12-20
CWE-400: A denial of service exists in GitLab <v12.3.2, <v12.2.6 and <v12.1.10 that would let an attacker bypass input validation in markdown fields and take down the affected page.
Source: NVD

CVE-2019-5486 | HIGH | CVSS 8.8 | Fixed in 12.3.2, 12.2.6 and 12.1.10 | Published 2019-12-18
CWE-288: An authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6 and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements.
Source: NVD

CVE-2019-15589 | HIGH | CVSS 8.8 | Fixed in 12.3.2, 12.2.6 and 12.1.12 | Published 2019-12-18
CWE-284: An improper access control vulnerability exists in GitLab <v12.3.2, <v12.2.6 and <v12.1.12 which would allow a blocked user to use Git clone and pull if they had obtained a CI/CD token before being blocked.
Source: NVD

CVE-2019-15575 | HIGH | CVSS 7.5 | Fixed in 12.3.2, 12.2.6 and 12.1.12 | Published 2019-12-18
CWE-77: A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6 and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope.
Source: NVD

CVE-2019-15576 | HIGH | CVSS 7.5 | Fixed in 12.3.2, 12.2.6 and 12.1.12 | Published 2019-12-18
CWE-200: An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6 and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint.
Source: NVD

CVE-2019-15577 | MEDIUM | CVSS 4.3 | Fixed in 12.3.2, 12.2.6 and 12.1.12 | Published 2019-12-18
CWE-200: An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6 and <v12.1.12 that allowed project milestones to be disclosed via group browsing.
Source: NVD

CVE-2019-5463 | MEDIUM | CVSS 5.3 | Affects all previous GitLab CE/EE versions; fixed in 12.1.2, 12.0.4 and 11.11.6 | Published 2019-09-09
CWE-200: An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4 and 11.11.6.
Source: NVD

CVE-2019-5467 | MEDIUM | CVSS 5.4 | Affects GitLab CE/EE 11.10 and later; fixed in 12.1.2, 12.0.4 and 11.11.6 | Published 2019-09-09
CWE-79: An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4 and 11.11.6.
Source: NVD