CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18646
https://notcve.org/view.php?id=CVE-2018-18646
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Permite Server-Side Request Forgery (SSRF). • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/51142 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-16048
https://notcve.org/view.php?id=CVE-2018-16048
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.0.6, versiones 11.1.x anteriores a la 11.1.5 y versiones 11.2.x anteriores a la 11.2.2. Hay una falta de controles de autorización para el almacenamiento de repositorios de la API. • https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/49947 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-16051
https://notcve.org/view.php?id=CVE-2018-16051
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.0.6, versiones 11.1.x anteriores a la 11.1.5 y versiones 11.2.x anteriores a la 11.2.2. Hay una exposición de archivos de subida huérfanos. • https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released https://gitlab.com/gitlab-org/gitlab-ee/issues/6012 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 2CVE-2018-16049
https://notcve.org/view.php?id=CVE-2018-16049
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.0.6, versiones 11.1.x anteriores a la 11.1.5 y versiones 11.2.x anteriores a la 11.2.2. Hay una divulgación de datos sensibles en los logs Sidekiq mediante un mensaje de error. • https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/46967 https://gitlab.com/gitlab-org/gitlab-ce/issues/49272 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 1CVE-2018-12607
https://notcve.org/view.php?id=CVE-2018-12607
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 10.7.6, versiones 10.8.x anteriores a la 10.8.5 y versiones 11.x anteriores a la 11.0.1. La característica charts contenía un problema de Cross-Site Scripting (XSS) persistente debido a la falta de cifrado de salida. • https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/45903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •