CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19569
https://notcve.org/view.php?id=CVE-2018-19569
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. CE/EE, versiones 8.8 hasta 11.x y anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, son vulnerables a una vulnerabilidad de autorización que permite el acceso a la interfaz de usuario web como usuario mediante un Token de Acceso Personal de cualquier ámbito. • http://www.securityfocus.com/bid/109118 https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/50319 • CWE-285: Improper Authorization •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19576
https://notcve.org/view.php?id=CVE-2018-19576
GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential. CE/EE, versiones 8.6 hasta 11.x y anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8, y versiones 11.5 anteriores a 11.5.1 de GitLab, son vulnerables a un problema de control de acceso que permite a un usuario Guest realizar cambios o eliminar sus propios comentarios sobre un problema, después de que el problema se haya hecho Confidencial. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/51238 • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19572
https://notcve.org/view.php?id=CVE-2018-19572
GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11. CE versión 8.17 y posteriores y EE versión 8.3 y posteriores de GitLab, presenta una condición de carrera de tiempo de comprobación en el tiempo de uso de un symlink que permitiría el acceso no autorizado a archivos en el entorno chroot de Páginas de GitLab. Esto se corrige en las versiones 11.5.1, 11.4.8 y 11.3.11. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-pages/issues/98 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19577
https://notcve.org/view.php?id=CVE-2018-19577
Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. CE/EE, versiones 8.6 hasta 11.x anteriores a 11.3.11, versiones 11.4 anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de Gitlab, son susceptibles a una vulnerabilidad de control de acceso incorrecta que muestra a un usuario no autorizado el título y el espacio de nombres de un problema confidencial • http://www.securityfocus.com/bid/109179 https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/52444 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19495
https://notcve.org/view.php?id=CVE-2018-19495
An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration. Se detectó un problema en Community and Enterprise Edition versiones anteriores a 11.3.11, versiones 11.4.x anteriores a 11.4.8 y versiones 11.5.x anteriores a 11.5.1 de GitLab. Se presenta una vulnerabilidad de tipo SSRF en la integración de Prometheus. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ee/issues/8167 • CWE-918: Server-Side Request Forgery (SSRF) •