CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-8971
https://notcve.org/view.php?id=CVE-2018-8971
24 Mar 2018 — The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. La integración de Auth0 en GitLab, en versiones anteriores a la 10.3.9, versiones 10.4.x anteriores a la 10.4.6 y versiones 10.5.x anteriores a la 10.5.6 tiene una configuración omniauth-auth0 incorrecta, lo que da lugar al firmado de usuarios no deseados. • https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2017-0920
https://notcve.org/view.php?id=CVE-2017-0920
22 Mar 2018 — GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance. Las ediciones Community y Enterprise de Gitlab, en versiones anteriores a la 10.1.6, 10.2.6 y 10.3.4, son vulnerables a un problema de omisión de autenticación en el componente Projects::MergeRequests::CreationsController. ... • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released • CWE-639: Authorization Bypass Through User-Controlled Key CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-0927
https://notcve.org/view.php?id=CVE-2017-0927
21 Mar 2018 — Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users. Gitlab Community Edition 10.3 es vulnerable a un problema de autorización incorrecta en el componente deployment keys que resulta en el uso no autorizado de claves de implementación por parte de usuarios invitados. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2017-0924
https://notcve.org/view.php?id=CVE-2017-0924
21 Mar 2018 — Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting. Gitlab Community Edition 10.2.4 es vulnerable a una falta de validación de entradas en el componente labels que resulta en Cross-Site Scripting (XSS) persistente. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-0922
https://notcve.org/view.php?id=CVE-2017-0922
21 Mar 2018 — Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object. Gitlab Enterprise Edition 10.3 es vulnerable a un problema de omisión de autenticación en el componente GitLab Projects::BoardsController que resulta en la divulgación de información en cualquier objeto board. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released • CWE-639: Authorization Bypass Through User-Controlled Key CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 3%CPEs: 7EXPL: 0CVE-2017-0916
https://notcve.org/view.php?id=CVE-2017-0916
18 Mar 2018 — Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution. Gitlab Community Edition 10.3 es vulnerable a una falta de validación de entradas en la cola system_hook_push mediante el componente de enlace web que resulta en la ejecución remota de código. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 4%CPEs: 9EXPL: 0CVE-2018-3710
https://notcve.org/view.php?id=CVE-2018-3710
18 Mar 2018 — Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution. Las ediciones Community y Enterprise de Gitlab, en su versión 10.3.3, son vulnerables a un archivo temporal inseguro en el componente de importación de proyectos, lo que resulta en una ejecución remota de código. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-377: Insecure Temporary File •
CVSS: 9.8EPSS: 3%CPEs: 9EXPL: 0CVE-2017-0915
https://notcve.org/view.php?id=CVE-2017-0915
18 Mar 2018 — Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution. Gitlab Community Edition 10.2.4 es vulnerable a una falta de validación de entradas en GitlabProjectsImportService que resulta en la ejecución remota de código. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-0918
https://notcve.org/view.php?id=CVE-2017-0918
18 Mar 2018 — Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. Gitlab Community Edition 10.3 es vulnerable a un problema de salto de directorio en el componente GitLab CI runner que resulta en la ejecución remota de código. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1CVE-2017-0926
https://notcve.org/view.php?id=CVE-2017-0926
18 Mar 2018 — Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login. Gitlab Community Edition 10.3 es vulnerable a un problema de autorización incorrecta en el componente Oauth sign-in que resulta en el inicio de sesión de un usuario no autorizado. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •