Gitlab

Gitlab

1247 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2018-19576

  • EPSS 0.17%
  • Veröffentlicht 10.07.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 03:58:12

GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made...

8.8

CVE-2018-19569

  • EPSS 0.26%
  • Veröffentlicht 10.07.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 03:58:11

GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.

5.4

CVE-2018-19570

  • EPSS 0.09%
  • Veröffentlicht 10.07.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 03:58:11

GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags.

5.9

CVE-2018-19572

  • EPSS 0.1%
  • Veröffentlicht 10.07.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 03:58:12

GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11.

5.4

CVE-2018-19573

  • EPSS 0.09%
  • Veröffentlicht 10.07.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 03:58:12

GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.

5.4

CVE-2018-19574

  • EPSS 0.09%
  • Veröffentlicht 10.07.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 03:58:12

GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page.

4.3

CVE-2018-19575

  • EPSS 0.13%
  • Veröffentlicht 10.07.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 03:58:12

GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue.

6.5

CVE-2018-19496

  • EPSS 0.08%
  • Veröffentlicht 10.07.2019 15:15:12
  • Zuletzt bearbeitet 21.11.2024 03:58:01

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to pr...

5.3

CVE-2018-19577

  • EPSS 0.25%
  • Veröffentlicht 10.07.2019 15:15:12
  • Zuletzt bearbeitet 21.11.2024 03:58:13

Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue.

6.1

CVE-2018-19493

  • EPSS 0.1%
  • Veröffentlicht 10.07.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 03:58:01

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output enco...