CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2018-18843
https://notcve.org/view.php?id=CVE-2018-18843
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. La integración con Kubernetes en la edición Enterprise de GitLab, en versiones 11.1.x anteriores a la 11.2.8, versiones 11.3.x anteriores a la 11.3.9 y versiones 11.4.x anteriores a la 11.4.4, tiene Server-Side Request Forgery (SSRF). • https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released https://gitlab.com/gitlab-org/gitlab-ce/issues/53158 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-18641
https://notcve.org/view.php?id=CVE-2018-18641
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Tiene almacenamiento en texto claro de información sensible. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/51113 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18645
https://notcve.org/view.php?id=CVE-2018-18645
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Permite la exposición de información mediante los enlaces de desuscripción en las respuestas de emails. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/24498 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18648
https://notcve.org/view.php?id=CVE-2018-18648
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Tiene una exposición de información mediante un mensaje de error. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/50975 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18642
https://notcve.org/view.php?id=CVE-2018-18642
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Tiene Cross-Site Scripting (XSS). • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/52551 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •