Filtered by vendor Gitlab
Total: 758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2017-0917 | Debian, Gitlab | Debian Linux, Gitlab | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM | Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting. |
| CVE-2017-0918 | Debian, Gitlab | Debian Linux, Gitlab | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH | Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. |
| CVE-2017-0922 | Gitlab | Gitlab | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH | Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object. |
| CVE-2017-0923 | Gitlab | Gitlab | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM | Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting. |
| CVE-2017-0925 | Debian, Gitlab | Debian Linux, Gitlab | 2019-10-09 | 4.0 MEDIUM | 7.2 HIGH | Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. |
| CVE-2017-0926 | Debian, Gitlab | Debian Linux, Gitlab | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH | Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login. |
| CVE-2017-0927 | Gitlab | Gitlab | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM | Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users. |
| CVE-2016-9469 | Gitlab | Gitlab | 2019-10-09 | 5.0 MEDIUM | 8.2 HIGH | Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix was included in versions 8.14.3, 8.13.8, and 8.12.11, which were released on December 5th 2016 at 3:59 PST. The GitLab versions vulnerable to this are 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1, 8.14.2, and 8.14.2-ee. |
| CVE-2018-19359 | Gitlab | Gitlab | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH | GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control. |
| CVE-2017-0920 | Gitlab | Gitlab | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM | GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component, allowing an attacker to see every project name and their respective namespace on a GitLab instance. |
| CVE-2018-16048 | Gitlab | Gitlab | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage. |
| CVE-2018-14601 | Gitlab | Gitlab | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow. |
| CVE-2018-18641 | Gitlab | Gitlab | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information. |
| CVE-2017-11438 | Gitlab | Gitlab | 2019-10-03 | 6.5 MEDIUM | 6.3 MEDIUM | GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup. |
| CVE-2018-18647 | Gitlab | Gitlab | 2019-10-03 | 5.5 MEDIUM | 6.5 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization. |
| CVE-2017-11437 | Gitlab | Gitlab | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM | GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users. |
| CVE-2018-20144 | Gitlab | Gitlab | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH | GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control. |
| CVE-2019-15727 | Gitlab | Gitlab | 2019-09-18 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users. |
| CVE-2019-15728 | Gitlab | Gitlab | 2019-09-18 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server. |
| CVE-2019-15730 | Gitlab | Gitlab | 2019-09-18 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains an SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the local network by the GitLab server. |
| CVE-2019-15734 | Gitlab | Gitlab | 2019-09-18 | 4.0 MEDIUM | 4.3 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these. |
| CVE-2019-15721 | Gitlab | Gitlab | 2019-09-17 | 5.5 MEDIUM | 5.4 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings. |
| CVE-2019-15738 | Gitlab | Gitlab | 2019-09-17 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email. |
| CVE-2019-15740 | Gitlab | Gitlab | 2019-09-17 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads. |
| CVE-2019-15739 | Gitlab | Gitlab | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads. |
| CVE-2019-11545 | Gitlab | Gitlab | 2019-09-10 | 4.0 MEDIUM | 4.3 MEDIUM | An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue. |
| CVE-2019-11546 | Gitlab | Gitlab | 2019-09-10 | 3.5 LOW | 5.3 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge. |
| CVE-2019-11548 | Gitlab | Gitlab | 2019-09-10 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint. |
| CVE-2019-6793 | Gitlab | Gitlab | 2019-09-10 | 6.8 MEDIUM | 7.0 HIGH | An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. |
| CVE-2019-6783 | Gitlab | Gitlab | 2019-09-10 | 6.5 MEDIUM | 8.8 HIGH | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution. |
| CVE-2019-6784 | Gitlab | Gitlab | 2019-09-10 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 1 of 2). Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS. |
| CVE-2019-11605 | Gitlab | Gitlab | 2019-09-10 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a read_user scoped token. |
| CVE-2019-6995 | Gitlab | Gitlab | 2019-09-10 | 4.0 MEDIUM | 6.5 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues. |
| CVE-2019-6791 | Gitlab | Gitlab | 2019-09-10 | 4.0 MEDIUM | 6.5 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its prior visibility. |
| CVE-2019-6796 | Gitlab | Gitlab | 2019-09-09 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS. |
| CVE-2019-9866 | Gitlab | Gitlab | 2019-09-09 | 4.0 MEDIUM | 6.5 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure. |
| CVE-2019-14943 | Gitlab | Gitlab | 2019-09-04 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. |
| CVE-2018-19577 | Gitlab | Gitlab | 2019-07-16 | 5.0 MEDIUM | 5.3 MEDIUM | Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. |
| CVE-2018-19573 | Gitlab | Gitlab | 2019-07-16 | 3.5 LOW | 5.4 MEDIUM | GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. |
| CVE-2018-19570 | Gitlab | Gitlab | 2019-07-16 | 3.5 LOW | 5.4 MEDIUM | GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags. |
| CVE-2018-19583 | Gitlab | Gitlab | 2019-07-16 | 4.0 MEDIUM | 6.5 MEDIUM | GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. |
| CVE-2018-19574 | Gitlab | Gitlab | 2019-07-16 | 3.5 LOW | 5.4 MEDIUM | GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. |
| CVE-2018-19576 | Gitlab | Gitlab | 2019-07-11 | 6.4 MEDIUM | 8.1 HIGH | GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential. |
| CVE-2018-19572 | Gitlab | Gitlab | 2019-07-11 | 4.3 MEDIUM | 5.9 MEDIUM | GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11. |
| CVE-2018-19569 | Gitlab | Gitlab | 2019-07-11 | 6.5 MEDIUM | 8.8 HIGH | GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. |
| CVE-2018-19581 | Gitlab | Gitlab | 2019-07-11 | 5.0 MEDIUM | 7.5 HIGH | GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. |
| CVE-2018-19580 | Gitlab | Gitlab | 2019-07-11 | 5.0 MEDIUM | 5.3 MEDIUM | All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made. |
| CVE-2018-19579 | Gitlab | Gitlab | 2019-07-11 | 3.5 LOW | 5.4 MEDIUM | GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1. |
| CVE-2018-19578 | Gitlab | Gitlab | 2019-07-11 | 4.0 MEDIUM | 6.5 MEDIUM | GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. |
| CVE-2018-19496 | Gitlab | Gitlab | 2019-07-11 | 4.0 MEDIUM | 6.5 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone. |
