|
211341
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed.
|
CWE-200
Information Exposure
|
CVE-2020-10090
|
2024-11-21 13:54 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211342
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother,
|
CWE-674
Uncontrolled Recursion
|
CVE-2020-10089
|
2024-11-21 13:54 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211343
|
8.1 |
HIGH
Network
|
gitlab
|
gitlab
|
GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level.
|
CWE-269
Improper Privilege Management
|
CVE-2020-10088
|
2024-11-21 13:54 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211344
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.
|
NVD-CWE-Other
|
CVE-2020-10087
|
2024-11-21 13:54 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211345
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read.
|
CWE-22
Path Traversal
|
CVE-2020-10086
|
2024-11-21 13:54 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211346
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles.
|
NVD-CWE-noinfo
|
CVE-2020-10085
|
2024-11-21 13:54 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211347
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace
|
NVD-CWE-noinfo
|
CVE-2020-10084
|
2024-11-21 13:54 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211348
|
9.1 |
CRITICAL
Network
|
gitlab
|
gitlab
|
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-10083
|
2024-11-21 13:54 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211349
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered.
|
NVD-CWE-noinfo
|
CVE-2020-10082
|
2024-11-21 13:54 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211350
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.
|
NVD-CWE-noinfo
|
CVE-2020-10081
|
2024-11-21 13:54 |
2020-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
