GitLab

1222 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.03%
  • Published 27.07.2018 02:29:00
  • Last modified 21.11.2024 03:49:23

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.

  • EPSS 0.07%
  • Published 27.07.2018 02:29:00
  • Last modified 21.11.2024 03:49:23

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.

  • EPSS 0.06%
  • Published 27.07.2018 02:29:00
  • Last modified 21.11.2024 03:49:23

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.

Exploit
  • EPSS 0.06%
  • Published 27.07.2018 02:29:00
  • Last modified 21.11.2024 03:49:24

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.

Exploit
  • EPSS 39.28%
  • Published 18.07.2018 19:29:00
  • Last modified 21.11.2024 03:48:55

GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.

  • EPSS 0.06%
  • Published 03.07.2018 21:29:00
  • Last modified 21.11.2024 03:03:53

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previ...

  • EPSS 0.09%
  • Published 03.07.2018 21:29:00
  • Last modified 21.11.2024 03:03:54

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.

  • EPSS 0.06%
  • Published 31.05.2018 21:29:00
  • Last modified 21.11.2024 03:41:18

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.

Exploit
  • EPSS 0.17%
  • Published 25.04.2018 09:29:00
  • Last modified 21.11.2024 04:14:20

GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.

Exploit
  • EPSS 0.08%
  • Published 05.04.2018 14:29:00
  • Last modified 21.11.2024 04:15:11

GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is...