CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1CVE-2018-16050
https://notcve.org/view.php?id=CVE-2018-16050
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones 11.1.x anteriores a la 11.1.5 y versiones 11.2.x anteriores a la 11.2.2. Hay Cross-Site Scripting (XSS) persistente en la vista Merge Request Changes. • https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/49085 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 2CVE-2018-16049
https://notcve.org/view.php?id=CVE-2018-16049
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.0.6, versiones 11.1.x anteriores a la 11.1.5 y versiones 11.2.x anteriores a la 11.2.2. Hay una divulgación de datos sensibles en los logs Sidekiq mediante un mensaje de error. • https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released https://gitlab.com/gitlab-org/gitlab-ce/issues/46967 https://gitlab.com/gitlab-org/gitlab-ce/issues/49272 • CWE-532: Insertion of Sensitive Information into Log File •