CVE-2019-11546
https://notcve.org/view.php?id=CVE-2019-11546
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge. Se detectó un problema en GitLab Community and Enterprise Edition versiones anteriores a 11.8.9, versiones 11.9.x anteriores a 11.9.10 y versiones 11.10.x anteriores a 11.10.2. Presenta una condición de carrera que podría permitir a usuarios aprobar una petición de fusión varias veces y potencialmente alcanzar el conteo de aprobación requerido para fusionarse. • https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released https://gitlab.com/gitlab-org/gitlab-ee/issues/10357 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2019-11544
https://notcve.org/view.php?id=CVE-2019-11544
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository restrictions will receive emails about restricted events. Se detectó un problema en GitLab Community and Enterprise Edition versiones 8.x, 9.x, 10.x y versiones 11.x anteriores a 11.8.9, versiones 11.9.x anteriores a 11.9.10 y versiones 11.10.x anteriores a 11.10.2. Permite la divulgación de información. • https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/58372 •
CVE-2018-19578
https://notcve.org/view.php?id=CVE-2018-19578
GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. EE de GitLab, versiones 11.5 anteriores a 11.5.1, es vulnerable a un problema de referencia de objeto no seguro lo que permite a un usuario con privilegios Reporter visualizar la página de Jaeger Tracing Operations . • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/54228 • CWE-285: Improper Authorization •
CVE-2018-19579
https://notcve.org/view.php?id=CVE-2018-19579
GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1. EE versión 11.5 de GitLab, es susceptible a una vulnerabilidad de tipo XSS persistente en la página Operations. Esto se corrige en versión 11.5.1. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/53917 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-19584
https://notcve.org/view.php?id=CVE-2018-19584
GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups. EE, versiones 11.x y anteriores a 11.3.11, versiones 11.4 y anteriores a 11.4.8 y versiones 11.5 anteriores a 11.5.1 de GitLab , es susceptible a una vulnerabilidad de referencia de objeto directo no seguro que permite a los usuarios identificados, pero no autorizados, visualizar detalles de miembros y de hitos de grupos privados. • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released https://gitlab.com/gitlab-org/gitlab-ce/issues/52522 • CWE-639: Authorization Bypass Through User-Controlled Key •