CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2017-0921
https://notcve.org/view.php?id=CVE-2017-0921
03 Jul 2018 — GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised. Las ediciones Community y Enterprise de Gitlab, en versiones anteriores a la 10.1.6, 10.2.6 y 10.3.4, son vulnerables a un problema de cambio de contraseña sin verificar en el componente PasswordsController, lo que resulta en la toma de control de la cuenta si la sesi... • https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-0919
https://notcve.org/view.php?id=CVE-2017-0919
03 Jul 2018 — GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized. Las ediciones Community y Enterprise de Gitlab, en versiones anteriores a la 10.1.6, 10.2.6 y 10.3.4, son vulnerables a un problema de omisión de autorización en el componente de importación de GitLab. Esto resulta en que un atacante puede re... • https://hackerone.com/reports/301137 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2018-10379
https://notcve.org/view.php?id=CVE-2018-10379
31 May 2018 — An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability. Se ha descubierto un problema en GitLab Community Edition (CE) y Enterprise Edition (EE), en versiones anteriores a la 10.5.8, versiones 10.6.x anteriores a la 10.6.5 y versiones 10.7.x anteriores a la 10.7.2. La característica Move Issue contenía una vulnerabilidad Cross-Site Scripting (XSS) persi... • http://www.securityfocus.com/bid/104491 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-8971 – Debian Security Advisory 4206-1
https://notcve.org/view.php?id=CVE-2018-8971
24 Mar 2018 — The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. La integración de Auth0 en GitLab, en versiones anteriores a la 10.3.9, versiones 10.4.x anteriores a la 10.4.6 y versiones 10.5.x anteriores a la 10.5.6 tiene una configuración omniauth-auth0 incorrecta, lo que da lugar al firmado de usuarios no deseados. Several vulnerabilities have been discovered in Gitlab, a software platfor... • https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 96EXPL: 1CVE-2017-12426
https://notcve.org/view.php?id=CVE-2017-12426
14 Aug 2017 — GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import. GitLab Community Edition (CE) y Enterprise Edition (EE) en versiones anteriores a la 8.17.8, 9.0.x en versiones anteriores a la 9.0.13, 9.1.x en versiones anteriores a la 9.1.10, 9.2.x en versiones anteriores a la 9.2.10, 9.3.x en ver... • https://github.com/sm-paul-schuette/CVE-2017-12426 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 1CVE-2017-8778
https://notcve.org/view.php?id=CVE-2017-8778
04 May 2017 — GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. GitLab anteriores a 8.14.9, 8.15.x anteriores a 8.15.6 y 8.16.x anteriores a 8.16.5 tienen XSS a través de un elemento SCRIPT en un archivo adjunto o un avatar que es un documento SVG. • https://about.gitlab.com/2017/02/15/gitlab-8-dot-16-dot-5-security-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 0CVE-2013-4546
https://notcve.org/view.php?id=CVE-2013-4546
13 May 2014 — The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL. La funcionalidad de importación de repositorios en gitlab-shell anterior a 1.7.4, utilizado en GitLab, permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de la URL de importación. • http://www.openwall.com/lists/oss-security/2013/11/11/2 •
CVSS: 8.8EPSS: 53%CPEs: 21EXPL: 2CVE-2013-4490 – Gitlab-shell - Code Execution
https://notcve.org/view.php?id=CVE-2013-4490
13 May 2014 — The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key. La funcionalidad de de subida de clave SSH (lib/gitlab_keys.rb) en gitlab-shell anterior a 1.7.3, utilizado en GitLab 5.0 anterior a 5.4.1 y 6.x anterior a 6.2.3, permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de metacaracteres de shell ... • https://packetstorm.news/files/id/127916 •
CVSS: 9.8EPSS: 0%CPEs: 128EXPL: 0CVE-2013-4580
https://notcve.org/view.php?id=CVE-2013-4580
12 May 2014 — GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls. GitLab en versiones anteriores a 5.4.2, Community Edition en versiones anteriores a 6.2.4 y Enterprise Edition en versiones anteriores a 6.2.1, cuando se utiliza un backend MySQL, permite a atacantes remotos hacerse pasar por usuarios arbitrarios y eludir la autenticación a través de l... • http://www.openwall.com/lists/oss-security/2013/11/15/4 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 111EXPL: 0CVE-2013-4581
https://notcve.org/view.php?id=CVE-2013-4581
12 May 2014 — GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH. GitLab 5.0 anterior a 5.4.2, Community Edition anterior a 6.2.4, Enterprise Edition anterior a 6.2.1 y gitlab-shell anterior a 1.7.8 permite a atacantes remotos ejecutar código arbitrario a través de un cambio manipulado que utiliza SSH. • http://www.openwall.com/lists/oss-security/2013/11/15/4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •