CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10640
https://notcve.org/view.php?id=CVE-2019-10640
15 May 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption. Se encontró un problema en GitLab Community and Enterprise Edition anterior11.7.10, 11.8.x anterior 11.8.6, and 11.9.x anterior 11.9.4.Un problema de validación de entrada de expresiones regulares para el valor de refs .gitlab-ci.yml permite el consumo de recursos no contro... • https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11000
https://notcve.org/view.php?id=CVE-2019-11000
10 May 2019 — An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure. Se descubrió un problema en GitLab Enterprise Edition antes de la versión 11.7.11, 11.8.x anterior a la versión 11.8.7, y 11.9.x anterior a 11.9.7. Permite la Divulgación de Información. • http://www.securityfocus.com/bid/108301 •
CVSS: 6.1EPSS: 0%CPEs: 32EXPL: 0CVE-2018-18643
https://notcve.org/view.php?id=CVE-2018-18643
25 Apr 2019 — GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS. GitLab CE & EE versiones posteriores a 11.2 y anteriores a 11.5.0-rc12, 11.4.6 y 11.3.10 tienen Cross-site scripting (XSS) persistente. • https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-9220
https://notcve.org/view.php?id=CVE-2019-9220
17 Apr 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption. Se descubrió un problema en GitLab Community and Enterprise Edition antes de 11.6.10, 11.7.x antes de 11.7.6 y 11.8.x antes de 11.8.1. Permite el consumo de recursos no controlados. • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-9223
https://notcve.org/view.php?id=CVE-2019-9223
17 Apr 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure. Se descubrió un problema en GitLab Community y Enterprise Edition anterior a la versión 11.6.10, 11.7.x anterior a la versión 11.7.6 y versión 11.8.x anterior a la versión11.8.1. Permite la exposición de la información. • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-9222
https://notcve.org/view.php?id=CVE-2019-9222
17 Apr 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. Se detecto un problema en GitLab Community and Enterprise Edition anterior a versión 11.6.10, versión 11.7.x anterior a 11.7.6 y versión 11.8.x anterior a 11.8.1. Presenta permisos no seguros. • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-9217
https://notcve.org/view.php?id=CVE-2019-9217
17 Apr 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information. Se descubrió un problema en GitLab Community y Enterprise Edition versión anterior a 11.6.10, versión 11.7.x anterior a 11.7.6 y versión 11.8.x anterior a 11.8.1. Su interfaz de usuario presenta una falsificación de información crítica. • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2019-9219
https://notcve.org/view.php?id=CVE-2019-9219
17 Apr 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5). Se descubrió un problema en GitLab Community and Enterprise Edition antes de 11.6.10, 11.7.x antes de 11.7.6 y 11.8.x antes de 11.8.1. Tiene control de acceso incorrecto (problema 2 de 5). • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2019-9225
https://notcve.org/view.php?id=CVE-2019-9225
17 Apr 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5). Se descubrió un problema en GitLab Community and Enterprise Edition antes de 11.6.10, 11.7.x antes de 11.7.6 y 11.8.x antes de 11.8.1. Tiene control de acceso incorrecto (problema 5 de 5). • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2019-9224
https://notcve.org/view.php?id=CVE-2019-9224
17 Apr 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5). Se descubrió un problema en GitLab Community and Enterprise Edition antes de 11.6.10, 11.7.x antes de 11.7.6 y 11.8.x antes de 11.8.1. Tiene control de acceso incorrecto (problema 4 de 5). • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released • CWE-862: Missing Authorization •