CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-0914
https://notcve.org/view.php?id=CVE-2017-0914
Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database. Las ediciones Community y Enterprise de Gitlab, en sus versiones 10.1, 10.2 y 10.2.4, son vulnerables a una inyección SQL en el componente MilestoneFinder que resulta en la divulgación de todos los datos en la base de datos de una instancia de Gitlab. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://hackerone.com/reports/298176 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2017-0924
https://notcve.org/view.php?id=CVE-2017-0924
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting. Gitlab Community Edition 10.2.4 es vulnerable a una falta de validación de entradas en el componente labels que resulta en Cross-Site Scripting (XSS) persistente. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://hackerone.com/reports/294099 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 9EXPL: 0CVE-2017-0915
https://notcve.org/view.php?id=CVE-2017-0915
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution. Gitlab Community Edition 10.2.4 es vulnerable a una falta de validación de entradas en GitlabProjectsImportService que resulta en la ejecución remota de código. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://hackerone.com/reports/298873 https://www.debian.org/security/2018/dsa-4145 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 4%CPEs: 7EXPL: 0CVE-2017-0916
https://notcve.org/view.php?id=CVE-2017-0916
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution. Gitlab Community Edition 10.3 es vulnerable a una falta de validación de entradas en la cola system_hook_push mediante el componente de enlace web que resulta en la ejecución remota de código. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://hackerone.com/reports/299473 https://www.debian.org/security/2018/dsa-4145 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 4%CPEs: 9EXPL: 0CVE-2018-3710
https://notcve.org/view.php?id=CVE-2018-3710
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution. Las ediciones Community y Enterprise de Gitlab, en su versión 10.3.3, son vulnerables a un archivo temporal inseguro en el componente de importación de proyectos, lo que resulta en una ejecución remota de código. • https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released https://gitlab.com/gitlab-com/infrastructure/issues/3510 https://gitlab.com/gitlab-org/gitlab-ce/issues/41757 https://hackerone.com/reports/302959 https://www.debian.org/security/2018/dsa-4145 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-377: Insecure Temporary File •