Gitlab ≫ GitLab

GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users.

GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.

GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project.

GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page.

GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget.

GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.

In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.

GitLab through 12.9 is affected by a potential DoS in repository archive download.

GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.