CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18640
https://notcve.org/view.php?id=CVE-2018-18640
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Tiene una exposición de información mediante el cacheo del navegador. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/51423 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18646
https://notcve.org/view.php?id=CVE-2018-18646
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Permite Server-Side Request Forgery (SSRF). • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/51142 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-16048
https://notcve.org/view.php?id=CVE-2018-16048
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.0.6, versiones 11.1.x anteriores a la 11.1.5 y versiones 11.2.x anteriores a la 11.2.2. Hay una falta de controles de autorización para el almacenamiento de repositorios de la API. • https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/49947 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-16051
https://notcve.org/view.php?id=CVE-2018-16051
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.0.6, versiones 11.1.x anteriores a la 11.1.5 y versiones 11.2.x anteriores a la 11.2.2. Hay una exposición de archivos de subida huérfanos. • https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released https://gitlab.com/gitlab-org/gitlab-ee/issues/6012 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 2CVE-2018-16049
https://notcve.org/view.php?id=CVE-2018-16049
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.0.6, versiones 11.1.x anteriores a la 11.1.5 y versiones 11.2.x anteriores a la 11.2.2. Hay una divulgación de datos sensibles en los logs Sidekiq mediante un mensaje de error. • https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/46967 https://gitlab.com/gitlab-org/gitlab-ce/issues/49272 • CWE-532: Insertion of Sensitive Information into Log File •