U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:gitlab:gitlab:11.5.0:rc7:*:*:enterprise:*:*:*
  • CPE Name Search: true
There are 465 matching records.
Displaying matches 281 through 300.
Vuln ID Summary CVSS Severity
CVE-2019-12428

An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization.

Published: March 10, 2020; 10:15:11 AM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-8113

GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.

Published: March 06, 2020; 1:15:11 PM -0500 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-15594

GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.

Published: February 14, 2020; 5:15:10 PM -0500 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2019-15592

GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline.

Published: February 14, 2020; 5:15:10 PM -0500 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-6833

An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling.

Published: February 05, 2020; 12:15:10 PM -0500 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-7977

GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.

Published: February 05, 2020; 11:15:12 AM -0500 		V4.0:(not available)
 V3.1: 5.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-7974

GitLab EE 10.1 through 12.7.2 allows Information Disclosure.

Published: February 05, 2020; 11:15:12 AM -0500 		V4.0:(not available)
 V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-7973

GitLab through 12.7.2 allows XSS.

Published: February 05, 2020; 11:15:12 AM -0500 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-7971

GitLab EE 11.0 and later through 12.7.2 allows XSS.

Published: February 05, 2020; 11:15:12 AM -0500 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-7969

GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.

Published: February 05, 2020; 11:15:11 AM -0500 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-7968

GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.

Published: February 05, 2020; 11:15:11 AM -0500 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-8114

GitLab EE 8.9 and later through 12.7.2 has Insecure Permission

Published: February 05, 2020; 10:15:10 AM -0500 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-7979

GitLab EE 8.9 and later through 12.7.2 has Insecure Permission

Published: February 05, 2020; 10:15:10 AM -0500 		V4.0:(not available)
 V3.1: 5.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-5470

An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information.

Published: January 27, 2020; 10:15:11 PM -0500 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-5466

An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names.

Published: January 27, 2020; 10:15:11 PM -0500 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2019-5465

An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID.

Published: January 27, 2020; 10:15:10 PM -0500 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2019-5464

A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.

Published: January 27, 2020; 10:15:10 PM -0500 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-5462

A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.

Published: January 27, 2020; 10:15:10 PM -0500 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-20144

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control.

Published: January 13, 2020; 4:15:11 PM -0500 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-6832

An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.

Published: January 13, 2020; 3:15:14 PM -0500 		V4.0:(not available)
 V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM