Cross-site Scripting XSS

CVE-2021-22260 (v3: 5.4) 5 Nov 2021
A stored Cross-Site Scripting vulnerability in the DataDog integration in GitLab CE/EE version 13.7 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf
CVE-2020-13339 (v3: 6.5) 8 Oct 2020
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted.
CVE-2020-12276 (v3: 4.8) 29 Apr 2020
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.
CVE-2020-10076 (v3: 6.1) 13 Mar 2020
GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.
CVE-2020-10078 (v3: 6.1) 13 Mar 2020
GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability.
CVE-2020-10091 (v3: 6.1) 13 Mar 2020
GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types.
CVE-2020-10092 (v3: 6.1) 13 Mar 2020
GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration.
CVE-2019-12442 (v3: 6.1) 10 Mar 2020
An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics.
CVE-2019-12444 (v3: 6.1) 10 Mar 2020
An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability.
CVE-2019-12445 (v3: 5.4) 10 Mar 2020
An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS.
CVE-2020-7971 (v3: 6.1) 5 Feb 2020
GitLab EE 11.0 and later through 12.7.2 allows XSS.
CVE-2020-7973 (v3: 6.1) 5 Feb 2020
GitLab through 12.7.2 allows XSS.
CVE-2019-15586 (v3: 6.1) 28 Jan 2020
A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin.
CVE-2020-2096 (v3: 6.1) 15 Jan 2020
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.
CVE-2019-19311 (v3: 5.4) 3 Jan 2020
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields.
CVE-2018-20490 (v3: 5.4) 30 Dec 2019
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
CVE-2018-20491 (v3: 5.4) 30 Dec 2019
An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
CVE-2018-20496 (v3: 5.4) 30 Dec 2019
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
CVE-2019-18454 (v3: 6.1) 26 Nov 2019
An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. It has XSS.
CVE-2019-15739 (v3: 6.1) 16 Sep 2019
An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.
CVE-2019-6784 (v3: 6.1) 9 Sep 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS.
CVE-2019-11547 (v3: 6.1) 9 Sep 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues.
CVE-2019-11548 (v3: 5.4) 9 Sep 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint.
CVE-2019-5467 (v3: 5.4) 9 Sep 2019
An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVE-2019-5471 (v3: 5.4) 9 Sep 2019
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.
CVE-2018-19579 (v3: 5.4) 10 Jul 2019
GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1.
CVE-2018-19570 (v3: 5.4) 10 Jul 2019
GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags.
CVE-2018-19573 (v3: 5.4) 10 Jul 2019
GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.
CVE-2018-19574 (v3: 5.4) 10 Jul 2019
GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page.
CVE-2018-19493 (v3: 6.1) 10 Jul 2019
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding.
CVE-2019-10111 (v3: 5.4) 15 May 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page.
CVE-2018-18643 (v3: 6.1) 25 Apr 2019
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.
CVE-2019-6796 (v3: 6.1) 11 Apr 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS.
CVE-2018-18642 (v3: 6.1) 4 Dec 2018
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS.
CVE-2018-16050 (v3: 6.1) 3 Oct 2018
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View.
CVE-2018-12605 (v3: 5.4) 3 Aug 2018
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.
CVE-2018-12606 (v3: 5.4) 3 Aug 2018
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.
CVE-2018-12607 (v3: 5.4) 3 Aug 2018
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.
CVE-2018-14604 (v3: 6.1) 27 Jul 2018
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.
CVE-2018-14605 (v3: 5.4) 27 Jul 2018
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.
CVE-2018-14606 (v3: 5.4) 27 Jul 2018
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.
CVE-2018-10379 (v3: 6.1) 31 May 2018
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.
CVE-2018-9243 (v3: 6.1) 5 Apr 2018
GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.
CVE-2018-9244 (v3: 6.1) 5 Apr 2018
GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7.
CVE-2017-0917 (v3: 6.1) 21 Mar 2018
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.
CVE-2017-0923 (v3: 6.1) 21 Mar 2018
Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.
CVE-2017-0924 (v3: 6.1) 21 Mar 2018
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.
CVE-2017-8778 (v3: 6.1) 4 May 2017
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
CVE-2014-3456 (v2: 4.3) 13 May 2014
Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-7316 (v2: 4.3) 24 Jan 2014
Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html.

Bounds of a Memory Buffer

Improper Input Validation

CVE-2020-10981 (v3: 4.3) 8 Apr 2020
GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project.
CVE-2019-12433 (v3: 5.3) 10 Mar 2020
An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues.
CVE-2019-19313 (v3: 7.5) 5 Jan 2020
GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits.
CVE-2019-6785 (v3: 6.5) 9 Sep 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service.
CVE-2019-6786 (v3: 6.5) 9 Sep 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are known.
CVE-2019-6795 (v3: 5.4) 9 Sep 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be used for social engineering.
CVE-2019-5461 (v3: 3.5) 9 Sep 2019
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVE-2018-19580 (v3: 5.3) 10 Jul 2019
All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made.
CVE-2019-9221 (v3: 5.5) 29 May 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5).
CVE-2018-18649 (v3: 9.8) 29 Nov 2018
An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.
CVE-2018-8971 (v3: 9.8) 24 Mar 2018
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
CVE-2017-0915 (v3: 9.8) 21 Mar 2018
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
CVE-2017-0916 (v3: 9.8) 21 Mar 2018
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.
CVE-2017-12426 (v3: 8.8) 14 Aug 2017
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.

Exposure to Unauthorized Actor

CVE-2020-11505 (v3: 7.5) 22 Apr 2020
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.
CVE-2020-11506 (v3: 7.5) 22 Apr 2020
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling.
CVE-2020-10975 (v3: 4.3) 8 Apr 2020
GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page.
CVE-2020-10976 (v3: 7.5) 8 Apr 2020
GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget.
CVE-2020-10978 (v3: 5.3) 8 Apr 2020
GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API.
CVE-2020-10979 (v3: 4.3) 8 Apr 2020
GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users.
CVE-2020-10955 (v3: 6.5) 27 Mar 2020
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.
CVE-2020-10080 (v3: 5.3) 13 Mar 2020
GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group.
CVE-2020-10084 (v3: 5.3) 13 Mar 2020
GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace
CVE-2020-10085 (v3: 5.3) 13 Mar 2020
GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles.
CVE-2020-10087 (v3: 7.5) 13 Mar 2020
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.
CVE-2020-10090 (v3: 5.3) 13 Mar 2020
GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed.
CVE-2019-13006 (v3: 4.3) 10 Mar 2020
An issue was discovered in GitLab Community and Enterprise Edition 9.0 and through 12.0.2. Users with access to issues, but not the repository were able to view the number of related merge requests on an issue. It has Incorrect Access Control.
CVE-2019-13002 (v3: 4.3) 10 Mar 2020
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control.
CVE-2019-12431 (v3: 4.3) 10 Mar 2020
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control.
CVE-2019-12432 (v3: 4.3) 10 Mar 2020
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure.
CVE-2019-12434 (v3: 4.3) 10 Mar 2020
An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure.
CVE-2019-15592 (v3: 4.3) 14 Feb 2020
GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline.
CVE-2019-15594 (v3: 4.3) 14 Feb 2020
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.
CVE-2020-6833 (v3: 7.5) 5 Feb 2020
An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling.
CVE-2020-7969 (v3: 7.5) 5 Feb 2020
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.
CVE-2020-7974 (v3: 5.3) 5 Feb 2020
GitLab EE 10.1 through 12.7.2 allows Information Disclosure.
CVE-2020-7976 (v3: 5.3) 5 Feb 2020
GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.
CVE-2019-15578 (v3: 5.3) 28 Jan 2020
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests.
CVE-2019-15579 (v3: 5.3) 28 Jan 2020
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones.
CVE-2019-15582 (v3: 5.3) 28 Jan 2020
An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.
CVE-2019-15583 (v3: 7.5) 28 Jan 2020
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API.
CVE-2019-15590 (v3: 7.5) 28 Jan 2020
An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration
CVE-2019-5465 (v3: 4.3) 28 Jan 2020
An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID.
CVE-2019-5466 (v3: 4.3) 28 Jan 2020
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names.
CVE-2019-5470 (v3: 7.5) 28 Jan 2020
An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information.
CVE-2019-20147 (v3: 5.3) 13 Jan 2020
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control.
CVE-2019-20148 (v3: 5.3) 13 Jan 2020
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control.
CVE-2020-6832 (v3: 5.3) 13 Jan 2020
An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.
CVE-2019-19629 (v3: 7.5) 5 Jan 2020
In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration.
CVE-2019-19312 (v3: 5.8) 5 Jan 2020
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API.
CVE-2019-19256 (v3: 5.3) 3 Jan 2020
GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control.
CVE-2019-19257 (v3: 5.3) 3 Jan 2020
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 1 of 2).
CVE-2019-19258 (v3: 5.3) 3 Jan 2020
GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.
CVE-2019-19309 (v3: 4.3) 3 Jan 2020
GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.
CVE-2019-19086 (v3: 4.3) 3 Jan 2020
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).
CVE-2019-19087 (v3: 4.3) 3 Jan 2020
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).
CVE-2019-19254 (v3: 5.3) 3 Jan 2020
GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control.
CVE-2018-20488 (v3: 4.3) 30 Dec 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.
CVE-2018-20495 (v3: 5.3) 30 Dec 2019
An issue was discovered in GitLab Community and Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.
CVE-2019-15576 (v3: 7.5) 18 Dec 2019
An information disclosure vulnerability exists in GitLab CE/EE
CVE-2019-15577 (v3: 4.3) 18 Dec 2019
An information disclosure vulnerability exists in GitLab CE/EE
CVE-2019-15580 (v3: 6.5) 18 Dec 2019
An information exposure vulnerability exists in gitlab.com
CVE-2019-15591 (v3: 6.5) 18 Dec 2019
An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.
CVE-2019-5487 (v3: 5.3) 18 Dec 2019
An improper access control vulnerability exists in Gitlab EE

Improper SQL ('SQL Injection')

CVE-2017-0914 (v3: 7.5) 21 Mar 2018
Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.

Out-of-bounds Read

Cross-Site Request Forgery (CSRF)

CVE-2019-10300 (v3: 8) 18 Apr 2019
A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-9176 (v3: 6.5) 17 Apr 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF.
CVE-2018-14603 (v3: 8.8) 27 Jul 2018
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.

Path Traversal

CVE-2020-12448 (v3: 5.3) 7 May 2020
GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.
CVE-2020-10977 (v3: 5.5) 8 Apr 2020
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.
CVE-2020-10953 (v3: 7.5) 27 Mar 2020
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.
CVE-2020-10086 (v3: 5.3) 13 Mar 2020
GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read.
CVE-2020-7966 (v3: 7.5) 5 Feb 2020
GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.
CVE-2019-19628 (v3: 9.8) 5 Jan 2020
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.
CVE-2019-19088 (v3: 9.8) 3 Jan 2020
Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.
CVE-2019-6783 (v3: 8.8) 9 Sep 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution.
CVE-2019-9222 (v3: 8.1) 17 Apr 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
CVE-2018-20229 (v3: 7.5) 4 Apr 2019
GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal.
CVE-2018-20144 (v3: 7.5) 28 Mar 2019
GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control.
CVE-2018-19856 (v3: 7.5) 26 Mar 2019
GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API.
CVE-2019-6240 (v3: 7.5) 25 Mar 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.
CVE-2018-14364 (v3: 9.8) 18 Jul 2018
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.
CVE-2017-0918 (v3: 8.8) 21 Mar 2018
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
CVE-2018-3710 (v3: 7.8) 21 Mar 2018
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.

Improper Access Control

CVE-2018-19576 (v3: 8.1) 10 Jul 2019
GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential.
CVE-2018-19494 (v3: 4.3) 10 Jul 2019
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names.
CVE-2018-19496 (v3: 6.5) 10 Jul 2019
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone.
CVE-2018-19577 (v3: 5.3) 10 Jul 2019
Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue.
CVE-2019-9732 (v3: 9.8) 29 May 2019
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.
CVE-2019-7549 (v3: 4.3) 29 May 2019
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines feature is vulnerable to authorization issues that allow unauthorized users to view job information.
CVE-2019-9218 (v3: 9.8) 29 May 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5).
CVE-2019-7353 (v3: 9.1) 17 May 2019
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects.
CVE-2019-5883 (v3: 9.1) 17 May 2019
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to.
CVE-2019-6787 (v3: 6.5) 17 May 2019
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other project users.
CVE-2019-6790 (v3: 4.3) 17 May 2019
An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge requests.
CVE-2019-10108 (v3: 5.4) 15 May 2019
An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels.
CVE-2019-9756 (v3: 9.8) 17 Apr 2019
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732.
CVE-2019-9170 (v3: 5.3) 17 Apr 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.
CVE-2019-9219 (v3: 3.7) 17 Apr 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5).
CVE-2019-9224 (v3: 5.3) 17 Apr 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5).
CVE-2019-9225 (v3: 5.3) 17 Apr 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5).
CVE-2019-7155 (v3: 6.5) 16 Apr 2019
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. A user retains their role within a project in a private group after being removed from the group, if their privileges within the project are different from the group.

Use After Free