CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-17452
https://notcve.org/view.php?id=CVE-2018-17452
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-17453
https://notcve.org/view.php?id=CVE-2018-17453
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-17455
https://notcve.org/view.php?id=CVE-2018-17455
An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature. • https://about.gitlab.com/blog/categories/releases https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 4.6EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0450
https://notcve.org/view.php?id=CVE-2023-0450
An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0450.json https://gitlab.com/gitlab-org/gitlab/-/issues/388962 https://hackerone.com/reports/1831547 •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-1708
https://notcve.org/view.php?id=CVE-2023-1708
An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1708.json https://gitlab.com/gitlab-org/gitlab/-/issues/387185 https://hackerone.com/reports/1805604 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •