CVE-2018-18642
https://notcve.org/view.php?id=CVE-2018-18642
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Tiene Cross-Site Scripting (XSS). • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/52551 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-18644
https://notcve.org/view.php?id=CVE-2018-18644
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones 11.x anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Permite la exposición de información mediante la integración con Gitlab Prometheus. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ee/issues/7528 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-18645
https://notcve.org/view.php?id=CVE-2018-18645
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Permite la exposición de información mediante los enlaces de desuscripción en las respuestas de emails. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/24498 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-18640
https://notcve.org/view.php?id=CVE-2018-18640
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Tiene una exposición de información mediante el cacheo del navegador. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/51423 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-17939
https://notcve.org/view.php?id=CVE-2018-17939
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones 11.1.x anteriores a la 11.1.8, versiones 11.2.x anteriores a la 11.2.5 y versiones 11.3.x anteriores a la 11.3.2. Hay una exposición de información mediante el endpoint de petición JSON "merge". • https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4 https://gitlab.com/gitlab-org/gitlab-ce/issues/51956 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •