Filtered by vendor Gitlab
Subscriptions
Filtered by product Gitlab
Subscriptions
Total
1055 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18644 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration. | ||||
| CVE-2018-18645 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies. | ||||
| CVE-2018-18647 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization. | ||||
| CVE-2018-18642 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS. | ||||
| CVE-2018-18641 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information. | ||||
| CVE-2018-18646 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. | ||||
| CVE-2018-18649 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution. | ||||
| CVE-2018-18640 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching. | ||||
| CVE-2018-18643 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS. | ||||
| CVE-2018-18648 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message. | ||||
| CVE-2018-17976 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions. | ||||
| CVE-2018-17939 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint. | ||||
| CVE-2018-17975 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API. | ||||
| CVE-2018-17452 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 9.8 Critical |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb. | ||||
| CVE-2018-17536 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 5.4 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import. | ||||
| CVE-2018-17537 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 5.4 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. . | ||||
| CVE-2018-17449 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 7.5 High |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference. | ||||
| CVE-2018-17453 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 5.3 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception. | ||||
| CVE-2018-17450 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 4.3 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token. | ||||
| CVE-2018-17455 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 7.5 High |
| An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature. | ||||