Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token
Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2.
GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.
GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget.
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user.
GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed.
GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group.
GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace
GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read.
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5).
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5).
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect to obtain the user OAuth token for those services.
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Path Disclosure. When an error is encountered on project import, the error message will display instance internal information.
An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI.
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 1 of 6). An authorization issue allows the contributed project information of a private profile to be viewed.
An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information.
An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits.
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests.
An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs.
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control.
In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration.
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control.
GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.
An issue was discovered in GitLab Community and Enterprise Edition 8.17 through 12.4 in the Search feature provided by Elasticsearch integration.. It has Insecure Permissions (issue 1 of 4).
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.
GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control.
An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4 when moving an issue to a public project from a private one. It has Insecure Permissions.
GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control.
An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4).
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API.
An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint when release access on the public was set to only project members.
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.
A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects.
An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions.
An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request.
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email.
An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API.
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones.
An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information.
An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users.