Vulnerabilities (CVE)

Vendor filter

Gitlab Subscribe

Product filter

Gitlab Subscribe

Filter

14 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-5471 1 Gitlab 1 Gitlab 2019-10-09 3.5
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.
CVE-2019-5467 1 Gitlab 1 Gitlab 2019-10-09 3.5
An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVE-2019-11546 1 Gitlab 1 Gitlab 2019-09-10 3.5
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach...
CVE-2019-11548 1 Gitlab 1 Gitlab 2019-09-10 3.5
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint.
CVE-2018-19573 1 Gitlab 1 Gitlab 2019-07-16 3.5
GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.
CVE-2018-19570 1 Gitlab 1 Gitlab 2019-07-16 3.5
GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags.
CVE-2018-19574 1 Gitlab 1 Gitlab 2019-07-16 3.5
GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page.
CVE-2018-19579 1 Gitlab 1 Gitlab 2019-07-11 3.5
GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1.
CVE-2019-9221 1 Gitlab 1 Gitlab 2019-05-29 2.1
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5).
CVE-2019-10111 1 Gitlab 1 Gitlab 2019-05-16 3.5
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page.
CVE-2018-12607 1 Gitlab 1 Gitlab 2018-10-03 3.5
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.
CVE-2018-12606 1 Gitlab 1 Gitlab 2018-10-03 3.5
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.
CVE-2018-14606 1 Gitlab 1 Gitlab 2018-09-18 3.5
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.
CVE-2018-14605 1 Gitlab 1 Gitlab 2018-09-18 3.5
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.