CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-0918
https://notcve.org/view.php?id=CVE-2017-0918
18 Mar 2018 — Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. Gitlab Community Edition 10.3 es vulnerable a un problema de salto de directorio en el componente GitLab CI runner que resulta en la ejecución remota de código. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1CVE-2017-0926
https://notcve.org/view.php?id=CVE-2017-0926
18 Mar 2018 — Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login. Gitlab Community Edition 10.3 es vulnerable a un problema de autorización incorrecta en el componente Oauth sign-in que resulta en el inicio de sesión de un usuario no autorizado. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2017-0925
https://notcve.org/view.php?id=CVE-2017-0925
18 Mar 2018 — Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. Gitlab Enterprise Edition 10.1.0 es vulnerable a un problema de credenciales protegidas de forma insuficiente en el endpoint de API de proyecto de integración de servicio que resulta en la divulgación de información de contraseñas en texto plano. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released • CWE-319: Cleartext Transmission of Sensitive Information CWE-522: Insufficiently Protected Credentials •