NotCVE - vendor:"Gitlab" product:"Gitlab" version:" >= 10.1.0

Page 109 of 544 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0

CVE-2017-0917

https://notcve.org/view.php?id=CVE-2017-0917

Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting. Gitlab Community Edition 10.2.4 es vulnerable a una falta de validación de entradas en el componente de trabajo CI que resulta en Cross-Site Scripting (XSS) persistente. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://hackerone.com/reports/299525 https://www.debian.org/security/2018/dsa-4145 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2017-0918

https://notcve.org/view.php?id=CVE-2017-0918

Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. Gitlab Community Edition 10.3 es vulnerable a un problema de salto de directorio en el componente GitLab CI runner que resulta en la ejecución remota de código. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://hackerone.com/reports/301432 https://www.debian.org/security/2018/dsa-4145 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1

CVE-2017-0926

https://notcve.org/view.php?id=CVE-2017-0926

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login. Gitlab Community Edition 10.3 es vulnerable a un problema de autorización incorrecta en el componente Oauth sign-in que resulta en el inicio de sesión de un usuario no autorizado. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://gitlab.com/gitlab-org/gitlab-ce/issues/32198 https://www.debian.org/security/2018/dsa-4145 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0

CVE-2017-0925

https://notcve.org/view.php?id=CVE-2017-0925

Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. Gitlab Enterprise Edition 10.1.0 es vulnerable a un problema de credenciales protegidas de forma insuficiente en el endpoint de API de proyecto de integración de servicio que resulta en la divulgación de información de contraseñas en texto plano. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://gitlab.com/gitlab-org/gitlab-ee/issues/3847 https://www.debian.org/security/2018/dsa-4145 • CWE-319: Cleartext Transmission of Sensitive Information CWE-522: Insufficiently Protected Credentials •

1...107 108 109