Filtered by vendor Gitlab
Total: 981 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-20229 | 1 Gitlab | 1 Gitlab | 2019-04-08 | N/A |
GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal. | ||||
CVE-2019-6240 | 1 Gitlab | 1 Gitlab | 2019-03-26 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal. | ||||
CVE-2018-8971 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2019-03-05 | N/A |
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. | ||||
CVE-2018-8801 | 1 Gitlab | 1 Gitlab | 2019-02-27 | N/A |
GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component. | ||||
CVE-2018-9244 | 1 Gitlab | 1 Gitlab | 2019-02-27 | N/A |
GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7. | ||||
CVE-2018-9243 | 1 Gitlab | 1 Gitlab | 2019-02-27 | N/A |
GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7. | ||||
CVE-2018-17939 | 1 Gitlab | 1 Gitlab | 2019-02-05 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint. | ||||
CVE-2018-17975 | 1 Gitlab | 1 Gitlab | 2019-02-05 | N/A |
An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API. | ||||
CVE-2018-18843 | 1 Gitlab | 1 Gitlab | 2019-02-05 | N/A |
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. | ||||
CVE-2018-17976 | 1 Gitlab | 1 Gitlab | 2018-12-28 | N/A |
An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions. | ||||
CVE-2018-18640 | 1 Gitlab | 1 Gitlab | 2018-12-27 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching. | ||||
CVE-2018-18646 | 1 Gitlab | 1 Gitlab | 2018-12-27 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. | ||||
CVE-2018-18644 | 1 Gitlab | 1 Gitlab | 2018-12-27 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration. | ||||
CVE-2018-18642 | 1 Gitlab | 1 Gitlab | 2018-12-21 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS. | ||||
CVE-2018-18648 | 1 Gitlab | 1 Gitlab | 2018-12-21 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message. | ||||
CVE-2018-18645 | 1 Gitlab | 1 Gitlab | 2018-12-21 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies. | ||||
CVE-2018-16049 | 1 Gitlab | 1 Gitlab | 2018-12-04 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message. | ||||
CVE-2018-16051 | 1 Gitlab | 1 Gitlab | 2018-12-04 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure. | ||||
CVE-2018-16050 | 1 Gitlab | 1 Gitlab | 2018-11-19 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View. | ||||
CVE-2013-7316 | 1 Gitlab | 1 Gitlab | 2018-10-30 | N/A |
Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html. | ||||