NotCVE - vendor:"Gitlab" product:"Gitlab" version:" >= 8.3.0

Page 45 of 560 results (0.014 seconds)

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-19583

https://notcve.org/view.php?id=CVE-2018-19583

10 Jul 2019 — GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. CE/EE, versiones 8.0 hasta 11.x anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, registraría tokens de acceso en los registros Workhorse, permitiendo a los administradores con acceso a los registros visualizar otros tokens de usuar... • http://www.securityfocus.com/bid/109166 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-19580

https://notcve.org/view.php?id=CVE-2018-19580

10 Jul 2019 — All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made. GitLab versiones anteriores a 11.5.1, 11.4.8 y 11.3.11, no envían un correo electrónico a la dirección de correo electrónico anterior cuando es realizado un cambio de dirección de correo electrónico. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-20: Improper Input Validation •

CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 5

CVE-2018-19571 – GitLab 11.4.7 - RCE (Authenticated)

https://notcve.org/view.php?id=CVE-2018-19571

10 Jul 2019 — GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. CE/EE, versiones 8.18 hasta 11.x anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de GitLab, son susceptibles a una vulnerabilidad de tipo SSRF en los webhooks. • https://www.exploit-db.com/exploits/49334 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-19574

https://notcve.org/view.php?id=CVE-2018-19574

10 Jul 2019 — GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. CE/EE, versiones 7.6 hasta 11.x y anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, son vulnerables a una vulnerabilidad de tipo XSS en la página de autorización OAuth. • http://www.securityfocus.com/bid/109163 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-19569

https://notcve.org/view.php?id=CVE-2018-19569

10 Jul 2019 — GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. CE/EE, versiones 8.8 hasta 11.x y anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, son vulnerables a una vulnerabilidad de autorización que permite el acceso a la interfaz de usuario web como usuario mediante un Token de ... • http://www.securityfocus.com/bid/109118 • CWE-285: Improper Authorization •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-19575

https://notcve.org/view.php?id=CVE-2018-19575

10 Jul 2019 — GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue. CE/EE, versiones 10.1 hasta 11.x y anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, son vulnerables a un problema de referencia de objeto directo no seguro que permite al usuario realizar comentarios sobre un problema bloqueado. • http://www.securityfocus.com/bid/109121 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-19576

https://notcve.org/view.php?id=CVE-2018-19576

10 Jul 2019 — GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential. CE/EE, versiones 8.6 hasta 11.x y anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, son vulnerables a un problema de control de acceso que permite a un usuario Guest realizar cambios o elimin... • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-284: Improper Access Control •

CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-19572

https://notcve.org/view.php?id=CVE-2018-19572

10 Jul 2019 — GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11. CE versión 8.17 y posteriores y EE versión 8.3 y posteriores de GitLab, presenta una condición de carrera de tiempo de comprobación en el tiempo de uso de un symlink que permitiría el acceso no autorizado a archivos en el entorno chroot de Páginas de GitLab. Esto se... • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-19570

https://notcve.org/view.php?id=CVE-2018-19570

10 Jul 2019 — GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags. CE/EE, versiones 11.3 anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, son vulnerables a una vulnerabilidad de tipo XSS en los campos Markdown por medio de etiquetas HTML no reconocidas. • http://www.securityfocus.com/bid/109169 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-19573

https://notcve.org/view.php?id=CVE-2018-19573

10 Jul 2019 — GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. CE/EE, versiones 10.3 hasta 11.x y anteriores a 11.3.11, versiones 11.4 y anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de GitLab, son vulnerables a una vulnerabilidad de tipo XSS en los campos Markdown por medio de Mermaid. • http://www.securityfocus.com/bid/109164 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...43 44 45 46 47