CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18645
https://notcve.org/view.php?id=CVE-2018-18645
04 Dec 2018 — An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Permite la exposición de información mediante los enlaces de desuscripción en las respuestas de emails. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18640
https://notcve.org/view.php?id=CVE-2018-18640
04 Dec 2018 — An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Tiene una exposición de información mediante el cacheo del navegador. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18642
https://notcve.org/view.php?id=CVE-2018-18642
04 Dec 2018 — An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Tiene Cross-Site Scripting (XSS). • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18644
https://notcve.org/view.php?id=CVE-2018-18644
04 Dec 2018 — An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones 11.x anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Permite la exposición de información mediante la integración con Gitlab Prometheus. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-18641
https://notcve.org/view.php?id=CVE-2018-18641
04 Dec 2018 — An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Tiene almacenamiento en texto claro de información sensible. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18648
https://notcve.org/view.php?id=CVE-2018-18648
04 Dec 2018 — An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Tiene una exposición de información mediante un mensaje de error. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18646
https://notcve.org/view.php?id=CVE-2018-18646
04 Dec 2018 — An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Permite Server-Side Request Forgery (SSRF). • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18647
https://notcve.org/view.php?id=CVE-2018-18647
04 Dec 2018 — An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Tiene una falta de autorización. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2018-18843
https://notcve.org/view.php?id=CVE-2018-18843
04 Dec 2018 — The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. La integración con Kubernetes en la edición Enterprise de GitLab, en versiones 11.1.x anteriores a la 11.2.8, versiones 11.3.x anteriores a la 11.3.9 y versiones 11.4.x anteriores a la 11.4.4, tiene Server-Side Request Forgery (SSRF). • https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 10%CPEs: 4EXPL: 1CVE-2018-18649
https://notcve.org/view.php?id=CVE-2018-18649
29 Nov 2018 — An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution. Se ha descubierto un problema en la API wiki en GitLab Community and Enterprise Edition en versiones anteriores a la 11.2.7, 11.3.x anteriores a la 11.3.8 y 11.4.x anteriores a la 11.4.3. Esto permite la ejecución remota de código. • https://github.com/Snowming04/CVE-2018-18649 •