CVE-2018-14602
https://notcve.org/view.php?id=CVE-2018-14602
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir una divulgación de información porque la característica de métricas de Prometheus revela nombres de rutas de proyectos privados. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released https://gitlab.com/gitlab-com/infrastructure/issues/4423 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-14605
https://notcve.org/view.php?id=CVE-2018-14605
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir Cross-Site Scripting (XSS) en el nombre de branch durante un commit de archivo IDE web. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/47793 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-14603
https://notcve.org/view.php?id=CVE-2018-14603
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir Cross-Site Request Forgery (CSRF) en la característica Test del componente System Hooks. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2018-14604
https://notcve.org/view.php?id=CVE-2018-14604
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir Cross-Site Scripting (XSS) en el tooltip del job dento del pipeline CI/CD. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-14606
https://notcve.org/view.php?id=CVE-2018-14606
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir Cross-Site Scripting (XSS) mediante un nombre Milestone durante una promoción. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/48617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •