GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.
CVSS Score
7.5
EPSS Score
0.012
Published
2020-02-05
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
CVSS Score
5.3
EPSS Score
0.009
Published
2020-02-05
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
CVSS Score
9.8
EPSS Score
0.014
Published
2020-02-05
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.
CVSS Score
8.8
EPSS Score
0.025
Published
2020-01-28
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.
CVSS Score
9.8
EPSS Score
0.028
Published
2020-01-28
An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID.
CVSS Score
4.3
EPSS Score
0.011
Published
2020-01-28
An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.
CVSS Score
5.3
EPSS Score
0.009
Published
2020-01-13
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control.
CVSS Score
5.3
EPSS Score
0.009
Published
2020-01-13
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control.
CVSS Score
5.3
EPSS Score
0.009
Published
2020-01-13
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.
CVSS Score
4.3
EPSS Score
0.007
Published
2020-01-13