CVE-2018-12606
https://notcve.org/view.php?id=CVE-2018-12606
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.7.6, versiones 10.8.x anteriores a la 10.8.5 y versiones 11.x anteriores a la 11.0.1. La wiki contiene un problema de Cross-Site Scripting (XSS) persistente debido a la falta de cifrado de salida que afecta a una característica de marcado determinada. • https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/46957 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-14601
https://notcve.org/view.php?id=CVE-2018-14601
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab en versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir una denegación de servicio (DoS) porque los tiempos de renderizado de Markdown son lentos. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/49409 •
CVE-2018-14605
https://notcve.org/view.php?id=CVE-2018-14605
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir Cross-Site Scripting (XSS) en el nombre de branch durante un commit de archivo IDE web. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/47793 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-14606
https://notcve.org/view.php?id=CVE-2018-14606
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir Cross-Site Scripting (XSS) mediante un nombre Milestone durante una promoción. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/48617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-14604
https://notcve.org/view.php?id=CVE-2018-14604
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir Cross-Site Scripting (XSS) en el tooltip del job dento del pipeline CI/CD. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •