CVE-2019-9176
https://notcve.org/view.php?id=CVE-2019-9176
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF. Se descubrió un problema en GitLab Community y Enterprise Edition en la versión anterior a 11.6.10, versión 11.7.x anterior a 11.7.6 y versión 11.8.x anterior a 11.8.1. Permite Cross Site Request Forgery (CSRF). • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ce/issues/55664 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-9756
https://notcve.org/view.php?id=CVE-2019-9756
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732. Se descubrió un problema en GitLab Community and Enterprise Edition versión 10.x (a partir de 10.8) y versión 11.x anterior a 11.6.10, versión 11.7.x anterior a 11.7.6 y versión 11.8.x anterior a 11.8.1. tiene un control de acceso, una vulnerabilidad diferente a la CVE-2019-9732. • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released https://about.gitlab.com/blog/categories/releases https://gitlab.com/gitlab-org/gitlab-ce/issues/54243 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2019-7155
https://notcve.org/view.php?id=CVE-2019-7155
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. A user retains their role within a project in a private group after being removed from the group, if their privileges within the project are different from the group. Se detectó un problema en GitLab Community and Enterprise Edition versiones 9.x, 10.x, y 11.x en versiones anteriores a la 11.5.8, 11.6.x en versiones anteriores a la 11.6.6, y 11.7.x en versiones anteriores a la 11.7.1. Presenta un control de acceso incorrecto. • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/42726 • CWE-269: Improper Privilege Management •
CVE-2019-6796
https://notcve.org/view.php?id=CVE-2019-6796
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS. Se detecto un problema en GitLab Community and Enterprise Edition anterior a versión 11.5.8, versión 11.6.x anterior a 11.6.6 y versión 11.7.x anterior a 11.7.1. Permite una vulnerabilidad de tipo XSS (problema 2 de 2). • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released https://gitlab.com/gitlab-org/gitlab-ce/issues/55320 https://gitlab.com/gitlab-org/gitlab-ce/issues/57112 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-20229
https://notcve.org/view.php?id=CVE-2018-20229
GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal. GitLab Community and Enterprise Edition, en versiones anteriores a la 11.3.14, las 11.4.x en versiones anteriores a la 11.4.12 y las 11.5.x en versiones anteriores a la 11.5.5 permite saltos de directorio. • https://about.gitlab.com/2018/12/20/critical-security-release-gitlab-11-dot-5-dot-5-released https://about.gitlab.com/blog/categories/releases • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •