CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-6796
https://notcve.org/view.php?id=CVE-2019-6796
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS. Se detecto un problema en GitLab Community and Enterprise Edition anterior a versión 11.5.8, versión 11.6.x anterior a 11.6.6 y versión 11.7.x anterior a 11.7.1. Permite una vulnerabilidad de tipo XSS (problema 2 de 2). • https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released https://gitlab.com/gitlab-org/gitlab-ce/issues/55320 https://gitlab.com/gitlab-org/gitlab-ce/issues/57112 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-20229
https://notcve.org/view.php?id=CVE-2018-20229
GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal. GitLab Community and Enterprise Edition, en versiones anteriores a la 11.3.14, las 11.4.x en versiones anteriores a la 11.4.12 y las 11.5.x en versiones anteriores a la 11.5.5 permite saltos de directorio. • https://about.gitlab.com/2018/12/20/critical-security-release-gitlab-11-dot-5-dot-5-released https://about.gitlab.com/blog/categories/releases • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-19856
https://notcve.org/view.php?id=CVE-2018-19856
GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API. GitLab CE/EE, en versiones anteriores a la 11.3.12, versiones 11.4.x anteriores a la 11.4.10 y versiones 11.5.x anteriores a la 11.5.3, permite el salto de directorio en la API de plantillas. • https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/54857 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6240
https://notcve.org/view.php?id=CVE-2019-6240
An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal. Se ha descubierto un problema en GitLab Community y Enterprise Edition en versiones anteriores a la 11.14. Permite el salto de directorio. • https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released https://about.gitlab.com/blog/categories/releases • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18645
https://notcve.org/view.php?id=CVE-2018-18645
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Permite la exposición de información mediante los enlaces de desuscripción en las respuestas de emails. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/24498 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •