CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6240
https://notcve.org/view.php?id=CVE-2019-6240
An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal. Se ha descubierto un problema en GitLab Community y Enterprise Edition en versiones anteriores a la 11.14. Permite el salto de directorio. • https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released https://about.gitlab.com/blog/categories/releases • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18645
https://notcve.org/view.php?id=CVE-2018-18645
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Permite la exposición de información mediante los enlaces de desuscripción en las respuestas de emails. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/24498 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18640
https://notcve.org/view.php?id=CVE-2018-18640
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Tiene una exposición de información mediante el cacheo del navegador. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/51423 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18646
https://notcve.org/view.php?id=CVE-2018-18646
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Permite Server-Side Request Forgery (SSRF). • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/51142 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 1CVE-2018-12607
https://notcve.org/view.php?id=CVE-2018-12607
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.7.6, versiones 10.8.x anteriores a la 10.8.5 y versiones 11.x anteriores a la 11.0.1. La característica charts contenía un problema de Cross-Site Scripting (XSS) persistente debido a la falta de cifrado de salida. • https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/45903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •