Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Gitlab
(Gitlab)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 944 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-03-28 | CVE-2016-9469 | Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix was included in versions 8.14.3, 8.13.8, and 8.12.11, which were released on December 5th 2016 at 3:59 PST. The GitLab versions vulnerable to this are 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2,... | Gitlab | 8.2 | ||
| 2017-08-02 | CVE-2017-11438 | GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup. | Gitlab | 6.3 | ||
| 2017-08-02 | CVE-2017-11437 | GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users. | Gitlab | 6.5 | ||
| 2018-03-22 | CVE-2017-0920 | GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance. | Gitlab | 4.3 | ||
| 2019-09-16 | CVE-2019-16170 | An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. | Gitlab | N/A | ||
| 2019-09-16 | CVE-2019-15727 | An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users. | Gitlab | N/A | ||
| 2019-09-16 | CVE-2019-15740 | An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads. | Gitlab | N/A | ||
| 2019-09-16 | CVE-2019-15739 | An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads. | Gitlab | N/A | ||
| 2019-09-16 | CVE-2019-15738 | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email. | Gitlab | N/A | ||
| 2019-09-16 | CVE-2019-15737 | An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management. | Gitlab | N/A |