Download
| Alert*
CVE-2013-4583
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. CVE-2013-4582 The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from ... CVE-2021-22200 An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user. CVE-2021-22201 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. CVE-2021-22202 An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. CVE-2021-22203 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server. CVE-2021-22206 An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text, CVE-2021-22208 An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update. CVE-2021-22209 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed. CVE-2021-22210 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results. CVE-2021-22211 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling. CVE-2021-22166 An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method CVE-2021-22167 An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository CVE-2021-22168 A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8. CVE-2021-22169 An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages. CVE-2021-22171 Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link CVE-2021-22172 Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page CVE-2021-22176 An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests CVE-2021-22177 Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command. CVE-2021-22178 An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration. CVE-2021-22179 A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to a SSRF attack through the Outbound Requests feature. CVE-2021-22180 An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages. CVE-2021-22182 An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request. CVE-2021-22183 An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions. CVE-2021-22184 An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted. CVE-2021-22185 Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki CVE-2021-22186 An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners CVE-2021-22187 An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after project was deleted. CVE-2021-22188 An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs. CVE-2021-22189 Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues. CVE-2021-22190 A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token CVE-2021-22192 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. CVE-2021-22193 An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project. CVE-2021-22194 In all versions of GitLab, marshalled session keys were being stored in Redis. CVE-2021-22196 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name. CVE-2021-22197 An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other CVE-2021-22198 An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. CVE-2021-22199 An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used. CVE-2020-10953 In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. CVE-2020-10954 GitLab through 12.9 is affected by a potential DoS in repository archive download. CVE-2020-10952 GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. CVE-2020-10955 GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. CVE-2020-10956 GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. CVE-2020-10975 GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. CVE-2020-10976 GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget. CVE-2020-10979 GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users. CVE-2020-10977 GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects. CVE-2020-10978 GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API. CVE-2020-10980 GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. CVE-2020-10981 GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project. CVE-2020-10535 GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address. CVE-2020-11506 An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling. CVE-2020-11505 An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling. CVE-2020-11649 An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted. CVE-2020-10076 GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests. CVE-2020-10077 GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. CVE-2020-10074 GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link. CVE-2020-10075 GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input. CVE-2020-10078 GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability. CVE-2020-10079 GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required. CVE-2020-10073 GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page. CVE-2020-10087 GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user. CVE-2020-10088 GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level. CVE-2020-10085 GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles. CVE-2020-10086 GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read. CVE-2020-10089 GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother, CVE-2020-10080 GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group. CVE-2020-10083 GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied. CVE-2020-10084 GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace CVE-2020-10081 GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user. CVE-2020-10082 GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered. CVE-2020-10090 GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed. CVE-2020-10091 GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types. CVE-2020-10092 GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration. CVE-2020-12448 GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet. CVE-2020-13303 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can access a private repository within a public project. CVE-2020-13300 GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. CVE-2020-13307 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access. CVE-2020-13308 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance. CVE-2020-13312 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter. CVE-2020-13313 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control. CVE-2020-13314 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages. CVE-2020-13311 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface. CVE-2020-13316 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository be accessible via a git command line. CVE-2020-13317 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository. CVE-2020-13318 A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack. CVE-2020-13334 In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query CVE-2020-13335 Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group. CVE-2020-13336 An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS by in the error tracking feature. CVE-2020-13337 An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name. CVE-2020-13332 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none CVE-2020-13338 An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references. CVE-2020-13339 An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted. CVE-2020-13345 An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on Multiple Routes CVE-2020-13346 Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. CVE-2020-13347 A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable. CVE-2020-13348 An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. CVE-2020-13341 An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions. CVE-2020-13342 An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email CVE-2020-13343 An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template CVE-2020-13344 An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis CVE-2020-13340 An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log CVE-2020-13349 An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. CVE-2020-13356 An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. CVE-2020-13357 An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project. CVE-2020-13358 A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2. CVE-2020-13359 The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. CVE-2020-13352 Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. CVE-2020-13354 A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9. CVE-2020-13355 An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. CVE-2020-13350 CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9. CVE-2020-13351 Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2. CVE-2020-12277 GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated. CVE-2020-12276 GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature. CVE-2020-12275 GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API. CVE-2020-13268 A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1 CVE-2020-13269 A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1 CVE-2020-13264 Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token CVE-2020-13265 User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification CVE-2020-13266 Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions CVE-2020-13267 A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1 CVE-2020-13261 Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code CVE-2020-13262 Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link CVE-2020-13263 An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. CVE-2020-13275 A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 CVE-2020-13276 User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 CVE-2020-13277 An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 CVE-2020-13271 A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1 CVE-2020-13272 OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow CVE-2020-13273 A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 CVE-2020-13274 A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1 CVE-2020-13270 Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API CVE-2020-13286 For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery. CVE-2020-13287 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues CVE-2020-13288 In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page CVE-2020-13289 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated. CVE-2020-13282 For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. CVE-2020-13283 For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title. CVE-2020-13284 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token CVE-2020-13285 For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip. CVE-2020-13280 For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. CVE-2020-13281 For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature CVE-2020-13299 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session. CVE-2020-13290 In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page CVE-2020-13291 In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. CVE-2020-15525 GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. CVE-2020-26405 Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. CVE-2020-26412 Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. CVE-2020-26416 Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2. CVE-2020-26415 Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2. CVE-2020-26414 An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string. CVE-2020-26413 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible. CVE-2020-26409 A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields. CVE-2020-26408 A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's private profile CVE-2020-26407 A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project CVE-2020-26406 Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: >= ... CVE-2020-26417 Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2, >=13.5 to <13.5.5, and >=13.1 to <13.4.7. CVE-2020-5197 An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control. CVE-2020-7979 GitLab EE 8.9 and later through 12.7.2 has Insecure Permission CVE-2020-7978 GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. CVE-2020-7977 GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. CVE-2020-7976 GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. CVE-2020-7974 GitLab EE 10.1 through 12.7.2 allows Information Disclosure. CVE-2020-7973 GitLab through 12.7.2 allows XSS. CVE-2020-7972 GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). CVE-2020-7971 GitLab EE 11.0 and later through 12.7.2 allows XSS. CVE-2020-7969 GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. CVE-2020-7968 GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. CVE-2020-7967 GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). CVE-2020-7966 GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. CVE-2020-6833 An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. CVE-2020-6832 An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects. CVE-2020-8114 GitLab EE 8.9 and later through 12.7.2 has Insecure Permission CVE-2020-8113 GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. CVE-2020-8795 In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. CVE-2018-10379 An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability. CVE-2018-12605 An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter. CVE-2018-12606 An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature. CVE-2018-12607 An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding. CVE-2018-14606 An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion. CVE-2018-14603 An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component. CVE-2018-14602 An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames. CVE-2018-14605 An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit. CVE-2018-14604 An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline. CVE-2018-14601 An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow. CVE-2018-14364 GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component. CVE-2018-16051 An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure. CVE-2018-16050 An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View. CVE-2018-16048 An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage. CVE-2018-16049 An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message. CVE-2018-19585 GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol. CVE-2018-19584 GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups. CVE-2018-19583 GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. CVE-2018-19582 GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user. CVE-2018-19581 GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. CVE-2018-19580 All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made. CVE-2018-19579 GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1. CVE-2018-19578 GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. CVE-2018-19577 Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. CVE-2018-19576 GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential. CVE-2018-19575 GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue. CVE-2018-19574 GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. CVE-2018-19573 GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. CVE-2018-19572 GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11. CVE-2018-19571 GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. CVE-2018-19570 GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags. CVE-2018-19569 GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. CVE-2018-19359 GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control. CVE-2018-19496 An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone. CVE-2018-19495 An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration. CVE-2018-19494 An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names. CVE-2018-19493 An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding. CVE-2018-18649 An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution. CVE-2018-18648 An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message. CVE-2018-18647 An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization. CVE-2018-18646 An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. CVE-2018-19856 GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API. CVE-2018-18645 An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies. CVE-2018-18644 An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration. CVE-2018-18643 GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS. CVE-2018-18642 An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS. CVE-2018-18641 An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information. CVE-2018-18640 An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching. CVE-2018-17939 An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint. CVE-2018-18843 The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. CVE-2018-20144 GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control. CVE-2018-20499 An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF. CVE-2018-20498 An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. CVE-2018-20491 An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. CVE-2018-20490 An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. CVE-2018-20493 An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. CVE-2018-20492 An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control (issue 2 of 6). CVE-2018-20495 An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. CVE-2018-20494 An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. CVE-2018-20497 An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF. CVE-2018-20496 An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. CVE-2018-20488 An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure. CVE-2018-20489 An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. CVE-2018-20229 GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal. CVE-2018-20501 An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. CVE-2018-20500 An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves ... CVE-2018-20507 An issue was discovered in GitLab Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. CVE-2018-3710 Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution. CVE-2018-8801 GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component. CVE-2018-9243 GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7. CVE-2018-9244 GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7. CVE-2019-10640 An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption. CVE-2019-10109 An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image coul ... CVE-2019-10108 An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels. CVE-2019-10110 An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on any GitLab instance on which they hold credentials ... CVE-2019-10112 An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived. CVE-2019-10111 An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page. CVE-2019-10114 An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication process, the application attempts to validate a parameter in an insecure way, potentially exposing dat ... CVE-2019-10113 An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects/<id>/languages requests may allow Uncontrolled Resource Consumption. CVE-2019-10116 An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue. CVE-2019-10115 An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information. CVE-2019-10117 An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node. CVE-2019-11000 An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure. CVE-2019-11605 An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token. CVE-2019-11545 An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue. CVE-2019-11546 An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge. CVE-2019-11544 An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restriction ... CVE-2019-11549 An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors. CVE-2019-11547 An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues. CVE-2019-11548 An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint. CVE-2019-12443 An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks. CVE-2019-12444 An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability. CVE-2019-12441 An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained a access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control. CVE-2019-12442 An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics. CVE-2019-12445 An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS. CVE-2019-12446 An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message. CVE-2019-12429 An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control. CVE-2019-12428 An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization. CVE-2019-12432 An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure. CVE-2019-12433 An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues. CVE-2019-12431 An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control. CVE-2019-12434 An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure. CVE-2019-12825 Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them ... CVE-2019-13011 An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not it's repository could create a list of merge requests template names. It has excessive algorithmic complexity. CVE-2019-13010 An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It allows Uncontrolled Resource Consumption. CVE-2019-13001 An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass. CVE-2019-13121 An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control. CVE-2019-13005 An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control. CVE-2019-13004 An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. When specific encoded characters were added to comments, the comments section would become inaccessible. It has Incorrect Access Control (issue 1 of 2). CVE-2019-13003 An issue was discovered in GitLab Community and Enterprise Edition before 12.0.3. One of the parsers used by Gilab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption. CVE-2019-13002 An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control. CVE-2019-13009 An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control. CVE-2019-13007 An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption. CVE-2019-13006 An issue was discovered in GitLab Community and Enterprise Edition 9.0 and through 12.0.2. Users with access to issues, but not the repository were able to view the number of related merge requests on an issue. It has Incorrect Access Control. CVE-2019-15594 GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. CVE-2019-15576 An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint. CVE-2019-15577 An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing. CVE-2019-15578 An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests. CVE-2019-15579 An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones. CVE-2019-15575 A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope. CVE-2019-15580 An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted. CVE-2019-15581 An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules. CVE-2019-15582 An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment. CVE-2019-15589 An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before. CVE-2019-15583 An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab A ... CVE-2019-15584 A denial of service exists in gitlab <v12.3.2, <v12.2.6, and <v12.1.10 that would let an attacker bypass input validation in markdown fields take down the affected page. CVE-2019-15585 Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account. CVE-2019-15586 A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. CVE-2019-15590 An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration CVE-2019-15591 An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled. CVE-2019-14943 An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. CVE-2019-15721 An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings. CVE-2019-15722 An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. CVE-2019-15727 An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users. CVE-2019-15728 An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server. CVE-2019-15729 An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request. CVE-2019-15723 An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations. CVE-2019-15724 An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection. CVE-2019-15725 An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information. CVE-2019-15726 An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server. CVE-2019-15730 An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains a SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the l ... CVE-2019-15731 An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so. CVE-2019-15732 An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions. CVE-2019-15733 An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users. CVE-2019-15738 An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email. CVE-2019-15739 An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads. CVE-2019-15734 An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these. CVE-2019-15736 An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack. CVE-2019-15737 An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management. CVE-2019-15740 An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads. CVE-2019-16170 An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. CVE-2019-19629 In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration. CVE-2019-19628 In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. CVE-2019-19313 GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits. CVE-2019-19312 GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API. CVE-2019-19314 GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext. CVE-2019-18448 An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Incorrect Access Control. CVE-2019-18447 An issue was discovered in GitLab Community and Enterprise Edition before 12.4. It has Insecure Permissions. CVE-2019-18449 An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2). CVE-2019-18446 An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4. It has Insecure Permissions (issue 1 of 2). CVE-2019-18451 An issue was discovered in GitLab Community and Enterprise Edition 10.7.4 through 12.4 in the InternalRedirect filtering feature. It has an Open Redirect. CVE-2019-18450 An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions. CVE-2019-18453 An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions. CVE-2019-18452 An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. It has Insecure Permissions. CVE-2019-18459 An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4). CVE-2019-18458 An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4). CVE-2019-18455 An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop. CVE-2019-18454 An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. It has XSS. CVE-2019-18457 An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens.. It has Insecure Permissions. CVE-2019-18456 An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration.. It has Insecure Permissions (issue 1 of 4). CVE-2019-19309 GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control. CVE-2019-18462 An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions. CVE-2019-18461 An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control. CVE-2019-19311 GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. CVE-2019-18463 An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 4 of 4). CVE-2019-19310 GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure. CVE-2019-18460 An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control. CVE-2019-19254 GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control. CVE-2019-19256 GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control. CVE-2019-19255 GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control. CVE-2019-19258 GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control. CVE-2019-19257 GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2). CVE-2019-19259 GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR). CVE-2019-19261 GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF. CVE-2019-19260 GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2). CVE-2019-19263 GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions. CVE-2019-19262 GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions. CVE-2019-19088 Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal. CVE-2019-19087 Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2). CVE-2019-19086 Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2). CVE-2019-20148 An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control. CVE-2019-20147 An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control. CVE-2019-20146 An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption. CVE-2019-20145 An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control. CVE-2019-20144 An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control. CVE-2019-20142 An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service. CVE-2019-5461 An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. CVE-2019-5462 A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. CVE-2019-5467 An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. CVE-2019-5468 An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account. CVE-2019-5469 An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from project archive to replace other users files potentially allowing an attacker to replace project binaries or other uploaded assets. CVE-2019-5463 An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. CVE-2019-5464 A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. CVE-2019-5465 An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. CVE-2019-5466 An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names. CVE-2019-5470 An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information. CVE-2019-5471 An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6. CVE-2019-5472 An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments. CVE-2019-5474 An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions. CVE-2019-5486 A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements. CVE-2019-5487 An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits. CVE-2019-6240 An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal. CVE-2019-5883 An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to. CVE-2019-6781 An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails. CVE-2019-6782 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed. CVE-2019-6787 An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other project users. CVE-2019-6788 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the use ... CVE-2019-6789 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 4 of 6). In some cases, users without project permissions will receive emails after a project move. For private projects, this wil ... CVE-2019-6783 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution. CVE-2019-6784 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS. CVE-2019-6785 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service. CVE-2019-6786 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are known. CVE-2019-6790 An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge requests. CVE-2019-6791 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its prior visibility. CVE-2019-6792 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information. CVE-2019-6793 An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. CVE-2019-6794 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 5 of 6). A project guest user can view the last commit status of the default branch. CVE-2019-6795 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be used for social engin ... CVE-2019-6796 An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS. CVE-2019-6797 An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI. CVE-2019-7549 An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines feature is vulnerable to authorization issues that allow unauthorized users to view job information. CVE-2019-7353 An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects. CVE-2019-7155 An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. A user retains their role within a project in a private group after being removed from the group, if their privileges ... CVE-2019-7176 An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility. CVE-2019-6960 An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled. CVE-2019-6996 An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of ... CVE-2019-6997 An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting in 10.7) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. System notes contain an access control issue that permits a guest user to view merge request titles. CVE-2019-6995 An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues. CVE-2019-9732 An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control. CVE-2019-9866 An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure. CVE-2019-9756 An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732. CVE-2019-9890 An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. CVE-2019-9219 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5). CVE-2019-9218 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5). CVE-2019-9217 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information. CVE-2019-9222 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. CVE-2019-9221 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5). CVE-2019-9224 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5). CVE-2019-9223 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure. CVE-2019-9220 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption. CVE-2019-9225 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5). CVE-2019-9485 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. CVE-2019-9170 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control. CVE-2019-9172 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 2 of 5). CVE-2019-9171 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5). CVE-2019-9178 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 4 of 5). CVE-2019-9179 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5). CVE-2019-9174 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF. CVE-2019-9176 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF. CVE-2019-9175 An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5). CVE-2021-22205 An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. CVE-2020-14155 libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. |