Vulmon
gitlab gitlab vulnerabilities and exploits
9.8
CVSSv3
CVE-2020-13312
A vulnerability exists in GitLab versions prior to 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter.
Gitlab Gitlab
9.8
CVSSv3
CVE-2020-14001
The kramdown gem prior to 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="...
Kramdown Project Kramdown
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 20.04
9.8
CVSSv3
CVE-2020-10980
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.
Gitlab Gitlab
9.8
CVSSv3
CVE-2020-10956
GitLab 8.10 and later up to and including 12.9 is vulnerable to an SSRF in a project import note feature.
Gitlab Gitlab
9.8
CVSSv3
CVE-2020-10074
GitLab 10.1 up to and including 12.8.1 has Incorrect Access Control. A scenario exists in which a GitLab account could be taken over through an expired link.
Gitlab Gitlab
9.8
CVSSv3
CVE-2020-10077
GitLab EE 3.0 up to and including 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk.
Gitlab Gitlab
9.8
CVSSv3
CVE-2019-12443
An issue exists in GitLab Community and Enterprise Edition 10.2 up to and including 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks.
Gitlab Gitlab
9.8
CVSSv3
CVE-2019-12428
An issue exists in GitLab Community and Enterprise Edition 6.8 up to and including 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization.
Gitlab Gitlab
9.8
CVSSv3
CVE-2020-8113
GitLab 10.7 and later up to and including 12.7.2 has Incorrect Access Control.
Gitlab Gitlab
9.8
CVSSv3
CVE-2020-8114
GitLab EE 8.9 and later up to and including 12.7.2 has Insecure Permission.
Gitlab Gitlab