CVE-2018-17939
https://notcve.org/view.php?id=CVE-2018-17939
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones 11.1.x anteriores a la 11.1.8, versiones 11.2.x anteriores a la 11.2.5 y versiones 11.3.x anteriores a la 11.3.2. Hay una exposición de información mediante el endpoint de petición JSON "merge". • https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4 https://gitlab.com/gitlab-org/gitlab-ce/issues/51956 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-18649
https://notcve.org/view.php?id=CVE-2018-18649
An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution. Se ha descubierto un problema en la API wiki en GitLab Community and Enterprise Edition en versiones anteriores a la 11.2.7, 11.3.x anteriores a la 11.3.8 y 11.4.x anteriores a la 11.4.3. Esto permite la ejecución remota de código. • https://github.com/Snowming04/CVE-2018-18649 https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/53072 •