CVE-2019-10113
https://notcve.org/view.php?id=CVE-2019-10113
16 May 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects/
CVE-2019-10111
https://notcve.org/view.php?id=CVE-2019-10111
15 May 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10110
https://notcve.org/view.php?id=CVE-2019-10110
15 May 2019 — An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on any GitLab instance on which they hold credentials. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released • CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2019-10109
https://notcve.org/view.php?id=CVE-2019-10109
15 May 2019 — An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present). • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-10108
https://notcve.org/view.php?id=CVE-2019-10108
15 May 2019 — An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released • CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2019-10640
https://notcve.org/view.php?id=CVE-2019-10640
15 May 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-11000
https://notcve.org/view.php?id=CVE-2019-11000
10 May 2019 — An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure. • http://www.securityfocus.com/bid/108301
CVE-2018-19359
https://notcve.org/view.php?id=CVE-2018-19359
25 Apr 2019 — GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control. • https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released
CVE-2018-18643
https://notcve.org/view.php?id=CVE-2018-18643
25 Apr 2019 — GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS. • https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-9220
https://notcve.org/view.php?id=CVE-2019-9220
17 Apr 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption. • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released • CWE-400: Uncontrolled Resource Consumption