Gitlab ≫ GitLab

GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).

GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.

GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.

GitLab EE 8.9 and later through 12.7.2 has Insecure Permission

GitLab EE 8.9 and later through 12.7.2 has Insecure Permission

The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remot...

The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repos...

An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names.

An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account.

An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information.