
CVSS: 5.4 • EPSS: 0% • CPEs: 6 • EXPL: 0

10 Jul 2019 — GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags. • http://www.securityfocus.com/bid/109169 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 6 • EXPL: 0

10 Jul 2019 — GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. • http://www.securityfocus.com/bid/109164 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

10 Jul 2019 — GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. • http://www.securityfocus.com/bid/109179 • CWE-284: Improper Access Control

CVSS: 6.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

10 Jul 2019 — An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-284: Improper Access Control

CVSS: 6.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

10 Jul 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

10 Jul 2019 — An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released • CWE-284: Improper Access Control

CVSS: 6.1 • EPSS: 0% • CPEs: 6 • EXPL: 0

10 Jul 2019 — An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding. • http://www.securityfocus.com/bid/109122 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

29 May 2019 — An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3. It allows Information Disclosure. • https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

29 May 2019 — An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control. • https://about.gitlab.com/2019/03/14/gitlab-11-8-2-released

CVSS: 9.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

29 May 2019 — An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. • https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released