CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 5CVE-2018-19571 – GitLab 11.4.7 - RCE (Authenticated)
https://notcve.org/view.php?id=CVE-2018-19571
10 Jul 2019 — GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. CE/EE, versiones 8.18 hasta 11.x anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de GitLab, son susceptibles a una vulnerabilidad de tipo SSRF en los webhooks. • https://www.exploit-db.com/exploits/49334 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19574
https://notcve.org/view.php?id=CVE-2018-19574
10 Jul 2019 — GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. CE/EE, versiones 7.6 hasta 11.x y anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, son vulnerables a una vulnerabilidad de tipo XSS en la página de autorización OAuth. • http://www.securityfocus.com/bid/109163 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19569
https://notcve.org/view.php?id=CVE-2018-19569
10 Jul 2019 — GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. CE/EE, versiones 8.8 hasta 11.x y anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, son vulnerables a una vulnerabilidad de autorización que permite el acceso a la interfaz de usuario web como usuario mediante un Token de ... • http://www.securityfocus.com/bid/109118 • CWE-285: Improper Authorization •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19576
https://notcve.org/view.php?id=CVE-2018-19576
10 Jul 2019 — GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential. CE/EE, versiones 8.6 hasta 11.x y anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, son vulnerables a un problema de control de acceso que permite a un usuario Guest realizar cambios o elimin... • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19572
https://notcve.org/view.php?id=CVE-2018-19572
10 Jul 2019 — GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11. CE versión 8.17 y posteriores y EE versión 8.3 y posteriores de GitLab, presenta una condición de carrera de tiempo de comprobación en el tiempo de uso de un symlink que permitiría el acceso no autorizado a archivos en el entorno chroot de Páginas de GitLab. Esto se... • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19577
https://notcve.org/view.php?id=CVE-2018-19577
10 Jul 2019 — Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. CE/EE, versiones 8.6 hasta 11.x anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de Gitlab, son susceptibles a una vulnerabilidad de control de acceso incorrecta que muestra a un usuario no autorizado el título y el espaci... • http://www.securityfocus.com/bid/109179 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19495
https://notcve.org/view.php?id=CVE-2018-19495
10 Jul 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration. Se detectó un problema en Community and Enterprise Edition versiones anteriores a 11.3.11, versiones 11.4.x anteriores a 11.4.8 y versiones 11.5.x anteriores a 11.5.1 de GitLab. Se presenta una vulnerabilidad de tipo SSRF en la integración de Prometheus. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-9485
https://notcve.org/view.php?id=CVE-2019-9485
29 May 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. Fue encontrado un problema en GitLab Community and Enterprise Edition anteriores a la versión 11.6.10, versión 11.7.x anteriores a 11.7.6 y versión 11.8.x anteriores a 11.8.1. Presenta permisos no seguros. • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-9221
https://notcve.org/view.php?id=CVE-2019-9221
29 May 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5). Fue encontrado un problema en GitLab Community and Enterprise Edition anterior a la versión 11.6.10, versión 11.7.x anteriores a 11.7.6 y versión 11.8.x anteriores a 11.8.1. Presenta un control de acceso incorrecto (problema 3 de 5). • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-9218
https://notcve.org/view.php?id=CVE-2019-9218
29 May 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5). Fue encontrado un problema en GitLab Community and Enterprise Edition versión anterior de 11.6.10, versión 11.7.x anterior de 11.7.6 y versión 11.8.x anterior de 11.8.1. Tiene control de acceso incorrecto (problema 1 de 5). • https://about.gitlab.com/blog/categories/releases •