CVSS: 7.8EPSS: 4%CPEs: 9EXPL: 0CVE-2018-3710
https://notcve.org/view.php?id=CVE-2018-3710
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution. Las ediciones Community y Enterprise de Gitlab, en su versión 10.3.3, son vulnerables a un archivo temporal inseguro en el componente de importación de proyectos, lo que resulta en una ejecución remota de código. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://gitlab.com/gitlab-com/infrastructure/issues/3510 https://gitlab.com/gitlab-org/gitlab-ce/issues/41757 https://hackerone.com/reports/302959 https://www.debian.org/security/2018/dsa-4145 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-377: Insecure Temporary File •
CVSS: 9.8EPSS: 4%CPEs: 7EXPL: 0CVE-2017-0916
https://notcve.org/view.php?id=CVE-2017-0916
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution. Gitlab Community Edition 10.3 es vulnerable a una falta de validación de entradas en la cola system_hook_push mediante el componente de enlace web que resulta en la ejecución remota de código. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://hackerone.com/reports/299473 https://www.debian.org/security/2018/dsa-4145 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2017-0917
https://notcve.org/view.php?id=CVE-2017-0917
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting. Gitlab Community Edition 10.2.4 es vulnerable a una falta de validación de entradas en el componente de trabajo CI que resulta en Cross-Site Scripting (XSS) persistente. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://hackerone.com/reports/299525 https://www.debian.org/security/2018/dsa-4145 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-0918
https://notcve.org/view.php?id=CVE-2017-0918
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. Gitlab Community Edition 10.3 es vulnerable a un problema de salto de directorio en el componente GitLab CI runner que resulta en la ejecución remota de código. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://hackerone.com/reports/301432 https://www.debian.org/security/2018/dsa-4145 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1CVE-2017-0926
https://notcve.org/view.php?id=CVE-2017-0926
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login. Gitlab Community Edition 10.3 es vulnerable a un problema de autorización incorrecta en el componente Oauth sign-in que resulta en el inicio de sesión de un usuario no autorizado. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://gitlab.com/gitlab-org/gitlab-ce/issues/32198 https://www.debian.org/security/2018/dsa-4145 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •