Vulnerabilities (CVE)

181 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-5473 1 Gitlab 1 Gitlab 2019-10-09 6.5
An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.
CVE-2019-5471 1 Gitlab 1 Gitlab 2019-10-09 3.5
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.
CVE-2019-5467 1 Gitlab 1 Gitlab 2019-10-09 3.5
An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVE-2019-5463 1 Gitlab 1 Gitlab 2019-10-09 5.0
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVE-2019-5461 1 Gitlab 1 Gitlab 2019-10-09 4.0
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4,...
CVE-2018-3710 2 Gitlab, Debian 2 Gitlab, Debian Linux 2019-10-09 6.8
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting in remote code execution.
CVE-2017-0927 1 Gitlab 1 Gitlab 2019-10-09 4.0
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.
CVE-2017-0926 2 Gitlab, Debian 2 Gitlab, Debian Linux 2019-10-09 6.5
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the OAuth sign-in component resulting in unauthorized user login.
CVE-2017-0925 2 Gitlab, Debian 2 Gitlab, Debian Linux 2019-10-09 4.0
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.
CVE-2017-0924 1 Gitlab 1 Gitlab 2019-10-09 4.3
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.
CVE-2017-0923 1 Gitlab 1 Gitlab 2019-10-09 4.3
Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.
CVE-2017-0922 1 Gitlab 1 Gitlab 2019-10-09 5.0
Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.
CVE-2017-0918 2 Gitlab, Debian 2 Gitlab, Debian Linux 2019-10-09 6.5
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
CVE-2017-0917 2 Debian, Gitlab 2 Debian Linux, Gitlab 2019-10-09 4.3
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.
CVE-2017-0916 2 Gitlab, Debian 2 Gitlab, Debian Linux 2019-10-09 7.5
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.
CVE-2017-0915 2 Gitlab, Debian 2 Gitlab, Debian Linux 2019-10-09 7.5
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
CVE-2017-0914 1 Gitlab 1 Gitlab 2019-10-09 5.0
Gitlab Community and Enterprise Editions versions 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.
CVE-2017-0882 1 Gitlab 1 Gitlab 2019-10-09 4.0
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.
CVE-2016-9469 1 Gitlab 1 Gitlab 2019-10-09 5.0
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability...
CVE-2017-11437 1 Gitlab 1 Gitlab 2019-10-03 4.0
GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.