gitlab gitlab vulnerabilities and exploits
668
VMScore
CVE-2020-14001
The kramdown gem prior to 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="...
Kramdown Project Kramdown
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 20.04
668
VMScore
CVE-2020-10980
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.
Gitlab Gitlab
668
VMScore
CVE-2020-10956
GitLab 8.10 and later up to and including 12.9 is vulnerable to an SSRF in a project import note feature.
Gitlab Gitlab
668
VMScore
CVE-2020-10077
GitLab EE 3.0 up to and including 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk.
Gitlab Gitlab
668
VMScore
CVE-2020-10074
GitLab 10.1 up to and including 12.8.1 has Incorrect Access Control. A scenario exists in which a GitLab account could be taken over through an expired link.
Gitlab Gitlab
668
VMScore
CVE-2019-12443
An issue exists in GitLab Community and Enterprise Edition 10.2 up to and including 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks.
Gitlab Gitlab
668
VMScore
CVE-2019-12428
An issue exists in GitLab Community and Enterprise Edition 6.8 up to and including 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization.
Gitlab Gitlab
668
VMScore
CVE-2020-8113
GitLab 10.7 and later up to and including 12.7.2 has Incorrect Access Control.
Gitlab Gitlab
668
VMScore
CVE-2020-8114
GitLab EE 8.9 and later up to and including 12.7.2 has Insecure Permission.
Gitlab Gitlab
668
VMScore
CVE-2019-5464
A flawed DNS rebinding protection issue exists in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.
Gitlab Gitlab