CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-0927
https://notcve.org/view.php?id=CVE-2017-0927
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users. Gitlab Community Edition 10.3 es vulnerable a un problema de autorización incorrecta en el componente deployment keys que resulta en el uso no autorizado de claves de implementación por parte de usuarios invitados. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://gitlab.com/gitlab-org/gitlab-ce/issues/37594 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 4%CPEs: 9EXPL: 0CVE-2017-0915
https://notcve.org/view.php?id=CVE-2017-0915
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution. Gitlab Community Edition 10.2.4 es vulnerable a una falta de validación de entradas en GitlabProjectsImportService que resulta en la ejecución remota de código. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://hackerone.com/reports/298873 https://www.debian.org/security/2018/dsa-4145 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 4%CPEs: 7EXPL: 0CVE-2017-0916
https://notcve.org/view.php?id=CVE-2017-0916
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution. Gitlab Community Edition 10.3 es vulnerable a una falta de validación de entradas en la cola system_hook_push mediante el componente de enlace web que resulta en la ejecución remota de código. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://hackerone.com/reports/299473 https://www.debian.org/security/2018/dsa-4145 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 4%CPEs: 9EXPL: 0CVE-2018-3710
https://notcve.org/view.php?id=CVE-2018-3710
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution. Las ediciones Community y Enterprise de Gitlab, en su versión 10.3.3, son vulnerables a un archivo temporal inseguro en el componente de importación de proyectos, lo que resulta en una ejecución remota de código. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://gitlab.com/gitlab-com/infrastructure/issues/3510 https://gitlab.com/gitlab-org/gitlab-ce/issues/41757 https://hackerone.com/reports/302959 https://www.debian.org/security/2018/dsa-4145 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-377: Insecure Temporary File •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-0918
https://notcve.org/view.php?id=CVE-2017-0918
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. Gitlab Community Edition 10.3 es vulnerable a un problema de salto de directorio en el componente GitLab CI runner que resulta en la ejecución remota de código. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://hackerone.com/reports/301432 https://www.debian.org/security/2018/dsa-4145 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •