|
225071
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15739
|
2024-11-21 13:29 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225072
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email.
|
CWE-200
Information Exposure
|
CVE-2019-15738
|
2024-11-21 13:29 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225073
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management.
|
NVD-CWE-noinfo
|
CVE-2019-15737
|
2024-11-21 13:29 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225074
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-15736
|
2024-11-21 13:29 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225075
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did no…
|
CWE-200
Information Exposure
|
CVE-2019-15734
|
2024-11-21 13:29 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225076
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users.
|
CWE-200
Information Exposure
|
CVE-2019-15733
|
2024-11-21 13:29 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225077
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions.
|
NVD-CWE-noinfo
|
CVE-2019-15732
|
2024-11-21 13:29 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225078
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project membe…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-15731
|
2024-11-21 13:29 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225079
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains a SSRF vulnerability as a result of a bypass of the current protection mechanisms…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-15730
|
2024-11-21 13:29 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225080
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an at…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-15728
|
2024-11-21 13:29 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
