CVE-2018-19581
https://notcve.org/view.php?id=CVE-2018-19581
10 Jul 2019 — GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference that allows a Guest user to set the weight of an issue they create. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-285: Improper Authorization •
CVE-2018-19583
https://notcve.org/view.php?id=CVE-2018-19583
10 Jul 2019 — GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, logged access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. • http://www.securityfocus.com/bid/109166 • CWE-532: Insertion of Sensitive Information into Log File •
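The defensive counterpart to CWE-532 is to scrub credentials from request log lines before they are written, and to scan the written logs to confirm nothing slipped through. The following is an added example, not GitLab or Workhorse code (Workhorse itself is written in Go); the `key="value"` log format, the `private_token`/`access_token` parameter names and the `PRIVATE-TOKEN`/`Authorization` header names are assumptions made for this example, and the tokens in the sample lines are constructed.

```ruby
# Added example (not GitLab or Workhorse code). Redacts API credentials
# from request log lines and checks the result. The log line format
# (key="value" pairs) and the parameter/header names are assumptions.

MASK = '[FILTERED]'.freeze

# Query-string parameters that carry a credential. The value stops at the
# next '&', whitespace or closing quote.
QUERY_PATTERN = /(?<=[?&])(private_token|access_token)=[^&\s"]*/i

# Headers that carry a credential. For Authorization the scheme word is
# kept and only the credential after it is masked.
HEADER_PATTERNS = [
  /(PRIVATE-TOKEN:\s*)[^\s"]+/i,
  /(Authorization:\s*(?:Bearer|Basic|Token)?\s*)[^\s"]+/i,
].freeze

# Return a copy of +line+ with every credential value replaced by MASK.
def redact_log_line(line)
  out = line.gsub(QUERY_PATTERN) { "#{$1}=#{MASK}" }
  HEADER_PATTERNS.each do |pat|
    out = out.gsub(pat) { "#{$1}#{MASK}" }
  end
  out
end

# Indices of lines that still contain any of +secrets+; usable both as a
# unit test for the redactor and as a post-deployment log scan.
def leaked_lines(lines, secrets)
  lines.each_index.select { |i| secrets.any? { |s| lines[i].include?(s) } }
end

# Constructed sample lines in the assumed format; the tokens are fake.
SECRETS = %w[EXAMPLETOKEN1234 EXAMPLEOAUTH5678 dXNlcjpwYXNz].freeze

SAMPLE_LOG = [
  'method=GET uri="/api/v4/projects?private_token=EXAMPLETOKEN1234&per_page=20" status=200',
  'method=GET uri="/api/v4/user" header="PRIVATE-TOKEN: EXAMPLETOKEN1234" status=200',
  'method=GET uri="/api/v4/user" header="Authorization: Bearer EXAMPLEOAUTH5678" status=200',
  'method=GET uri="/api/v4/user" header="Authorization: Basic dXNlcjpwYXNz" status=401',
  'method=GET uri="/api/v4/projects?per_page=20" status=200',
].freeze

def redacted_sample
  SAMPLE_LOG.map { |l| redact_log_line(l) }
end

if __FILE__ == $PROGRAM_NAME
  puts redacted_sample
  puts "secrets present in #{leaked_lines(SAMPLE_LOG, SECRETS).size} raw lines, " \
       "#{leaked_lines(redacted_sample, SECRETS).size} after redaction"
end
```

The redactor masks the value only, so the parameter name and the `Authorization` scheme survive for debugging while the credential does not. Because the patterns are anchored to the names you know about, `leaked_lines` is the important half: run it with the real token values from a test account against the logs that are actually written, so that a new parameter or a differently formatted line is caught rather than assumed covered.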
CVE-2018-19580
https://notcve.org/view.php?id=CVE-2018-19580
10 Jul 2019 — All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send a notification to the old email address when a user's email address is changed. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-20: Improper Input Validation •
CVE-2018-19571 – GitLab 11.4.7 - RCE (Authenticated)
https://notcve.org/view.php?id=CVE-2018-19571
10 Jul 2019 — GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to SSRF in webhooks: a user who can configure a webhook can make the GitLab server issue requests to a destination of their choosing. • https://www.exploit-db.com/exploits/49334 • CWE-918: Server-Side Request Forgery (SSRF) •
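The check a webhook endpoint needs is to vet the user-supplied URL before the server connects: scheme restricted to http/https, no embedded credentials, and every address the host resolves to outside loopback, private, link-local and multicast space, including IPv4-mapped IPv6 forms. The following is an added example, not GitLab's own `Gitlab::UrlBlocker`; the blocked ranges are an assumed policy, the resolver is injectable so the check runs offline, and `FAKE_DNS` is constructed data for this example.

```ruby
# Added example (not GitLab code). Vets a webhook URL before the server
# fetches it. BLOCKED_RANGES is an assumed policy; FAKE_DNS is constructed.
require 'ipaddr'
require 'resolv'
require 'uri'

class WebhookUrlError < StandardError; end

ALLOWED_SCHEMES = %w[http https].freeze

BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4
  ::/128 ::1/128 fc00::/7 fe80::/10 ff00::/8
].map { |cidr| IPAddr.new(cidr) }.freeze

# True if +addr+ (IPAddr or string) falls in a blocked range. IPv4-mapped
# IPv6 addresses (::ffff:10.0.0.1) are checked in their IPv4 form so they
# cannot be used to slip past the IPv4 ranges.
def blocked_address?(addr)
  ip = addr.is_a?(IPAddr) ? addr : IPAddr.new(addr.to_s)
  ip = ip.native if ip.ipv6? && ip.ipv4_mapped?
  BLOCKED_RANGES.any? { |r| r.family == ip.family && r.include?(ip) }
end

# Returns [uri, vetted_ip] or raises WebhookUrlError. The caller should
# connect to +vetted_ip+ (sending the original Host header) instead of
# resolving the name a second time; otherwise a DNS answer that changes
# between check and connect (rebinding) defeats the check.
def vet_webhook_url(url, resolver: nil)
  resolver ||= ->(host) { Resolv.getaddresses(host) }
  uri = URI.parse(url)
  raise WebhookUrlError, 'scheme must be http or https' unless ALLOWED_SCHEMES.include?(uri.scheme)
  raise WebhookUrlError, 'credentials in URL are not allowed' if uri.userinfo
  host = uri.hostname
  raise WebhookUrlError, 'missing host' if host.nil? || host.empty?

  addrs = begin
    [IPAddr.new(host)]                 # literal IPv4/IPv6 host, no DNS needed
  rescue IPAddr::InvalidAddressError
    resolver.call(host).map { |a| IPAddr.new(a.to_s) }
  end
  raise WebhookUrlError, "#{host} does not resolve" if addrs.empty?

  bad = addrs.find { |a| blocked_address?(a) }
  raise WebhookUrlError, "#{host} resolves to blocked address #{bad}" if bad

  [uri, addrs.first]
end

# Boolean convenience wrapper; malformed URLs are simply not allowed.
def webhook_url_allowed?(url, resolver: nil)
  vet_webhook_url(url, resolver: resolver)
  true
rescue WebhookUrlError, URI::InvalidURIError
  false
end

# Constructed DNS answers so the example runs without network access.
FAKE_DNS = {
  'hooks.example.com' => ['203.0.113.10'],
  'intranet.corp'     => ['10.0.0.5'],
  'rebind.example'    => ['203.0.113.20', '127.0.0.1'],
  'mapped.corp'       => ['::ffff:192.168.1.7'],
}.freeze
FAKE_RESOLVER = ->(host) { FAKE_DNS.fetch(host, []) }

if __FILE__ == $PROGRAM_NAME
  %w[https://hooks.example.com/notify http://intranet.corp/ http://127.0.0.1:6379/
     http://[::1]/ http://rebind.example/ http://169.254.169.254/latest/meta-data].each do |u|
    puts "#{u.ljust(45)} #{webhook_url_allowed?(u, resolver: FAKE_RESOLVER)}"
  end
end
```

Two points matter more than the range list. First, a name that resolves to several addresses is rejected if any one of them is blocked, since the HTTP client may pick any of them. Second, the vetted address is returned so that the caller connects to it directly; validating the name and then letting the client resolve it again leaves the rebinding window open. Forms such as a decimal IP (`http://2130706433/`) are handled by refusing anything that neither parses as an address literal nor resolves through the same resolver the client uses.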
CVE-2018-19574
https://notcve.org/view.php?id=CVE-2018-19574
10 Jul 2019 — GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to cross-site scripting (XSS) in the OAuth authorization page. • http://www.securityfocus.com/bid/109163 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-19569
https://notcve.org/view.php?id=CVE-2018-19569
10 Jul 2019 — GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows a Personal Access Token of any scope to be used to access the web UI as the token's owner. • http://www.securityfocus.com/bid/109118 • CWE-285: Improper Authorization •
CVE-2018-19575
https://notcve.org/view.php?id=CVE-2018-19575
10 Jul 2019 — GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference that allows a user to comment on a locked issue. • http://www.securityfocus.com/bid/109121 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2018-19576
https://notcve.org/view.php?id=CVE-2018-19576
10 Jul 2019 — GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to edit or delete their own comments on an issue after the issue has been made confidential. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-284: Improper Access Control •
CVE-2018-19572
https://notcve.org/view.php?id=CVE-2018-19572
10 Jul 2019 — GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use (TOCTOU) race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
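A symlink TOCTOU of this class comes from checking a path name (lstat, "is it a symlink?") and then opening that same name as a separate step; a symlink planted in between is followed by the open. The following is an added example, not GitLab Pages code (which is written in Go): it contrasts the racy check-then-use pattern with a version that opens first with O_NOFOLLOW and then verifies the descriptor it actually holds. The directory layout and the `after_check` hook that stands in for an attacker winning the race are constructed for this example.

```ruby
# Added example (not GitLab Pages code). The served-root layout and the
# after_check hook that simulates the race are constructed for this example.
require 'tmpdir'
require 'fileutils'

class UnsafePathError < StandardError; end

# Reject absolute paths, '..' segments and empty segments before touching
# the filesystem at all.
def check_relative!(rel)
  segs = rel.split('/')
  if rel.start_with?('/') || segs.include?('..') || segs.include?('')
    raise UnsafePathError, 'bad path'
  end
end

# Racy: lstat (check) and open (use) are separate syscalls, so the path can
# be swapped for a symlink in between and the read follows it.
def read_racy(root, rel, after_check: nil)
  check_relative!(rel)
  path = File.join(root, rel)
  raise UnsafePathError, 'symlink' if File.lstat(path).symlink?
  after_check&.call                  # the attacker's window
  File.read(path)                    # follows whatever +path+ is *now*
end

# Safer: open with O_NOFOLLOW so a symlink at the final component fails with
# ELOOP, then verify the open descriptor (fstat) rather than the path name.
def read_nofollow(root, rel, after_check: nil)
  check_relative!(rel)
  root = File.realpath(root)
  path = File.join(root, rel)
  after_check&.call                  # same window, now before the open
  fd = begin
    File.open(path, File::RDONLY | File::NOFOLLOW)
  rescue Errno::ELOOP, Errno::EMLINK
    raise UnsafePathError, 'final component is a symlink'
  end
  begin
    st = fd.stat                     # fstat(2) on what we actually opened
    raise UnsafePathError, 'not a regular file' unless st.file?
    real = File.realpath(path)
    raise UnsafePathError, 'escapes root' unless real.start_with?(root + File::SEPARATOR)
    ref = File.stat(real)
    # The inode we hold must be the in-root file just verified; a mismatch
    # means a parent component was swapped between open and verification.
    raise UnsafePathError, 'inode mismatch' unless st.ino == ref.ino && st.dev == ref.dev
    fd.read
  ensure
    fd.close
  end
end

# Builds a throwaway layout: <tmp>/public is the served root and
# <tmp>/secret.txt sits outside it. Returns what each reader hands back.
def demo
  Dir.mktmpdir do |tmp|
    pages = File.join(tmp, 'public')
    FileUtils.mkdir_p(pages)
    File.write(File.join(tmp, 'secret.txt'), 'TOP SECRET')
    index = File.join(pages, 'index.html')
    File.write(index, '<h1>hello</h1>')

    # Attacker wins the race: the regular file becomes a symlink that
    # points outside the served root.
    swap = lambda do
      File.delete(index)
      File.symlink('../secret.txt', index)
    end
    restore = lambda do
      File.delete(index)
      File.write(index, '<h1>hello</h1>')
    end

    results = {}
    results[:normal] = read_nofollow(pages, 'index.html')
    results[:racy]   = read_racy(pages, 'index.html', after_check: swap)
    restore.call
    results[:safe] = begin
      read_nofollow(pages, 'index.html', after_check: swap)
    rescue UnsafePathError => e
      "rejected: #{e.message}"
    end
    results
  end
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

O_NOFOLLOW only covers the final path component, which is why the example also re-verifies the opened inode against the canonical in-root path; a parent directory replaced by a symlink is still followed by the kernel. The thorough fix is to walk the path one component at a time with openat(2) and O_NOFOLLOW (or serve from a descriptor of the root directory), which Ruby's standard library does not expose; in a language that does, prefer that over any name-based check.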
CVE-2018-19577
https://notcve.org/view.php?id=CVE-2018-19577
10 Jul 2019 — GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays the title and namespace of a confidential issue to an unauthorized user. • http://www.securityfocus.com/bid/109179 • CWE-284: Improper Access Control •