Vulnerabilities (CVE)

153 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-5473 1 Gitlab 1 Gitlab 2019-10-09 6.5
An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.
CVE-2019-5463 1 Gitlab 1 Gitlab 2019-10-09 5.0
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVE-2019-5461 1 Gitlab 1 Gitlab 2019-10-09 4.0
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4,...
CVE-2018-3710 2 Gitlab, Debian 2 Gitlab, Debian Linux 2019-10-09 6.8
GitLab Community and Enterprise Editions version 10.3.3 is vulnerable to an insecure temporary file issue in the project import component, resulting in remote code execution.
CVE-2017-0927 1 Gitlab 1 Gitlab 2019-10-09 4.0
GitLab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component, resulting in unauthorized use of deployment keys by guest users.
CVE-2017-0926 2 Gitlab, Debian 2 Gitlab, Debian Linux 2019-10-09 6.5
GitLab Community Edition version 10.3 is vulnerable to an improper authorization issue in the OAuth sign-in component, resulting in unauthorized user login.
CVE-2017-0925 2 Gitlab, Debian 2 Gitlab, Debian Linux 2019-10-09 4.0
GitLab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint, resulting in information disclosure of a plaintext password.
CVE-2017-0924 1 Gitlab 1 Gitlab 2019-10-09 4.3
GitLab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the labels component, resulting in persistent cross-site scripting.
CVE-2017-0923 1 Gitlab 1 Gitlab 2019-10-09 4.3
GitLab Community Edition version 9.1 is vulnerable to a lack of input validation in the IPython notebooks component, resulting in persistent cross-site scripting.
CVE-2017-0922 1 Gitlab 1 Gitlab 2019-10-09 5.0
GitLab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component, resulting in information disclosure on any board object.
CVE-2017-0918 2 Gitlab, Debian 2 Gitlab, Debian Linux 2019-10-09 6.5
GitLab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component, resulting in remote code execution.
CVE-2017-0917 2 Debian, Gitlab 2 Debian Linux, Gitlab 2019-10-09 4.3
GitLab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the CI job component, resulting in persistent cross-site scripting.
CVE-2017-0914 1 Gitlab 1 Gitlab 2019-10-09 5.0
GitLab Community and Enterprise Editions versions 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component, resulting in disclosure of all data in a GitLab instance's database.
CVE-2017-0882 1 Gitlab 1 Gitlab 2019-10-09 4.0
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.
CVE-2016-9469 1 Gitlab 1 Gitlab 2019-10-09 5.0
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability...
CVE-2017-11438 1 Gitlab 1 Gitlab 2019-10-03 6.5
GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.
CVE-2017-11437 1 Gitlab 1 Gitlab 2019-10-03 4.0
GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.
CVE-2018-14601 1 Gitlab 1 Gitlab 2019-10-03 5.0
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.
CVE-2018-18647 1 Gitlab 1 Gitlab 2019-10-03 5.5
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization.
CVE-2018-18641 1 Gitlab 1 Gitlab 2019-10-03 5.0
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.