CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18646
https://notcve.org/view.php?id=CVE-2018-18646
04 Dec 2018 — An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Permite Server-Side Request Forgery (SSRF). • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1CVE-2018-16050
https://notcve.org/view.php?id=CVE-2018-16050
03 Oct 2018 — An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones 11.1.x anteriores a la 11.1.5 y versiones 11.2.x anteriores a la 11.2.2. Hay Cross-Site Scripting (XSS) persistente en la vista Merge Request Changes. • https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-16051
https://notcve.org/view.php?id=CVE-2018-16051
03 Oct 2018 — An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.0.6, versiones 11.1.x anteriores a la 11.1.5 y versiones 11.2.x anteriores a la 11.2.2. Hay una exposición de archivos de subida huérfanos. • https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 2CVE-2018-16049
https://notcve.org/view.php?id=CVE-2018-16049
03 Oct 2018 — An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.0.6, versiones 11.1.x anteriores a la 11.1.5 y versiones 11.2.x anteriores a la 11.2.2. Hay una divulgación de datos sensibles en los logs Sidekiq mediante un mensaje de error. • https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-16048
https://notcve.org/view.php?id=CVE-2018-16048
03 Oct 2018 — An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.0.6, versiones 11.1.x anteriores a la 11.1.5 y versiones 11.2.x anteriores a la 11.2.2. Hay una falta de controles de autorización para el almacenamiento de repositorios de la API. • https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 1CVE-2018-12606
https://notcve.org/view.php?id=CVE-2018-12606
03 Aug 2018 — An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.7.6, versiones 10.8.x anteriores a la 10.8.5 y versiones 11.x anteriores a la 11.0.1. La wiki contiene un problema de Cross-Site Scripting (XSS) persi... • https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 1CVE-2018-12607
https://notcve.org/view.php?id=CVE-2018-12607
03 Aug 2018 — An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.7.6, versiones 10.8.x anteriores a la 10.8.5 y versiones 11.x anteriores a la 11.0.1. La característica charts contenía un problema de Cross-Site Scripting (XSS) persistente deb... • https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-14603
https://notcve.org/view.php?id=CVE-2018-14603
27 Jul 2018 — An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir Cross-Site Request Forgery (CSRF) en la característica Test del componente System Hooks. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2018-14605
https://notcve.org/view.php?id=CVE-2018-14605
27 Jul 2018 — An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.8.7, versiones 11.0.x anteriores a la 11.0.5 y versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir Cross-Site Scripting (XSS) en el nombre de branch durante un commit de archivo IDE web. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-14601
https://notcve.org/view.php?id=CVE-2018-14601
27 Jul 2018 — An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab en versiones 11.1.x anteriores a la 11.1.2. Puede ocurrir una denegación de servicio (DoS) porque los tiempos de renderizado de Markdown son lentos. • https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released •