Total
52 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-9218 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 1 of 5). | |||||
CVE-2019-9756 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732. | |||||
CVE-2019-14943 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. | |||||
CVE-2019-9174 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 7.5 HIGH | 10.0 CRITICAL |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF. | |||||
CVE-2018-18641 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information. | |||||
CVE-2018-18843 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 7.5 HIGH | 10.0 CRITICAL |
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. | |||||
CVE-2018-18649 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution. | |||||
CVE-2018-16049 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message. | |||||
CVE-2018-14364 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component. | |||||
CVE-2017-0915 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution. | |||||
CVE-2017-0916 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution. | |||||
CVE-2018-8971 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. |