CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-20144
https://notcve.org/view.php?id=CVE-2018-20144
GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control. GitLab Community and Enterprise Edition, en las versiones 11.x anteriores a la 11.3.13 y en las 11.4.x anteriores a la 11.4.11 y en las 11.5.x anteriores a la 11.5.4, tiene un control de acceso incorrecto. • https://about.gitlab.com/2018/12/13/critical-security-release-gitlab-11-dot-5-dot-4-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ce/issues/55200 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-19856
https://notcve.org/view.php?id=CVE-2018-19856
GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API. GitLab CE/EE, en versiones anteriores a la 11.3.12, versiones 11.4.x anteriores a la 11.4.10 y versiones 11.5.x anteriores a la 11.5.3, permite el salto de directorio en la API de plantillas. • https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/54857 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •