CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-19856
https://notcve.org/view.php?id=CVE-2018-19856
GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API. GitLab CE/EE, en versiones anteriores a la 11.3.12, versiones 11.4.x anteriores a la 11.4.10 y versiones 11.5.x anteriores a la 11.5.3, permite el salto de directorio en la API de plantillas. • https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/54857 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6240
https://notcve.org/view.php?id=CVE-2019-6240
An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal. Se ha descubierto un problema en GitLab Community y Enterprise Edition en versiones anteriores a la 11.14. Permite el salto de directorio. • https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released https://about.gitlab.com/blog/categories/releases • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-18647
https://notcve.org/view.php?id=CVE-2018-18647
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Tiene una falta de autorización. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ee/issues/7538 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-18641
https://notcve.org/view.php?id=CVE-2018-18641
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information. Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.2.7, versiones 11.3.x anteriores a la 11.3.8 y versiones 11.4.x anteriores a la 11.4.3. Tiene almacenamiento en texto claro de información sensible. • https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released https://gitlab.com/gitlab-org/gitlab-ce/issues/51113 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2018-18843
https://notcve.org/view.php?id=CVE-2018-18843
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. La integración con Kubernetes en la edición Enterprise de GitLab, en versiones 11.1.x anteriores a la 11.2.8, versiones 11.3.x anteriores a la 11.3.9 y versiones 11.4.x anteriores a la 11.4.4, tiene Server-Side Request Forgery (SSRF). • https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released https://gitlab.com/gitlab-org/gitlab-ce/issues/53158 • CWE-918: Server-Side Request Forgery (SSRF) •