Vulmon
gitlab gitlab vulnerabilities and exploits
7.5
CVSSv2
CVE-2020-14001
The kramdown gem prior to 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="...
Kramdown Project Kramdown
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 20.04
7.5
CVSSv2
CVE-2020-10980
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.
Gitlab Gitlab
7.5
CVSSv2
CVE-2020-10956
GitLab 8.10 and later up to and including 12.9 is vulnerable to an SSRF in a project import note feature.
Gitlab Gitlab
7.5
CVSSv2
CVE-2020-10074
GitLab 10.1 up to and including 12.8.1 has Incorrect Access Control. A scenario exists in which a GitLab account could be taken over through an expired link.
Gitlab Gitlab
7.5
CVSSv2
CVE-2020-10077
GitLab EE 3.0 up to and including 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk.
Gitlab Gitlab
7.5
CVSSv2
CVE-2019-12443
An issue exists in GitLab Community and Enterprise Edition 10.2 up to and including 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by insufficient validation to prevent DNS rebinding attacks.
Gitlab Gitlab
7.5
CVSSv2
CVE-2019-12428
An issue exists in GitLab Community and Enterprise Edition 6.8 up to and including 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization.
Gitlab Gitlab
7.5
CVSSv2
CVE-2020-8113
GitLab 10.7 and later up to and including 12.7.2 has Incorrect Access Control.
Gitlab Gitlab
7.5
CVSSv2
CVE-2020-8114
GitLab EE 8.9 and later up to and including 12.7.2 has Insecure Permission.
Gitlab Gitlab
7.5
CVSSv2
CVE-2019-5464
A flawed DNS rebinding protection issue exists in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.
Gitlab Gitlab