CVE-2019-10108
https://notcve.org/view.php?id=CVE-2019-10108
An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels. Un control de acceso incorrecto ( problema 1 de 2) fue descubierto en GitLab Community and Enterprise Edition anterior 11.7.8, 11.8.x anterior 11.8.4, and 11.9.x anterior 11.9.2, esto permitió a los no miembros de un grupo o proyecto privado añadir y leer etiquetas. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ce/issues/56985 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2019-10640
https://notcve.org/view.php?id=CVE-2019-10640
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption. Se encontró un problema en GitLab Community and Enterprise Edition anterior11.7.10, 11.8.x anterior 11.8.6, and 11.9.x anterior 11.9.4.Un problema de validación de entrada de expresiones regulares para el valor de refs .gitlab-ci.yml permite el consumo de recursos no controlados. • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ce/issues/49665 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2019-11000
https://notcve.org/view.php?id=CVE-2019-11000
An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure. Se descubrió un problema en GitLab Enterprise Edition antes de la versión 11.7.11, 11.8.x anterior a la versión 11.8.7, y 11.9.x anterior a 11.9.7. Permite la Divulgación de Información. • http://www.securityfocus.com/bid/108301 https://about.gitlab.com/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released https://about.gitlab.com/blog/categories/releases •
CVE-2018-19359
https://notcve.org/view.php?id=CVE-2018-19359
GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control. GitLab Community y Enterprise Edition versiones posteriores a 8.9 y anteriores a 11.5.0-rc12, 11.4.6, y 11.3.10 tienen Control de Acceso Incorrecto. • https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ce/issues/54189 •
CVE-2018-18643
https://notcve.org/view.php?id=CVE-2018-18643
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS. GitLab CE & EE versiones posteriores a 11.2 y anteriores a 11.5.0-rc12, 11.4.6 y 11.3.10 tienen Cross-site scripting (XSS) persistente. • https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ce/issues/53385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •