Vulnerabilities (CVE)

Filtered by vendor Gitlab Subscribe
Filtered by product Gitlab
Total 1034 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18648 1 Gitlab 1 Gitlab 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message.
CVE-2018-18647 1 Gitlab 1 Gitlab 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization.
CVE-2018-18646 1 Gitlab 1 Gitlab 2024-11-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF.
CVE-2018-18645 1 Gitlab 1 Gitlab 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies.
CVE-2018-18644 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration.
CVE-2018-18643 1 Gitlab 1 Gitlab 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.
CVE-2018-18642 1 Gitlab 1 Gitlab 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS.
CVE-2018-18641 1 Gitlab 1 Gitlab 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.
CVE-2018-18640 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching.
CVE-2018-17976 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions.
CVE-2018-17975 1 Gitlab 1 Gitlab 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API.
CVE-2018-17939 1 Gitlab 1 Gitlab 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint.
CVE-2018-17537 1 Gitlab 1 Gitlab 2024-11-21 N/A 5.4 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. .
CVE-2018-17536 1 Gitlab 1 Gitlab 2024-11-21 N/A 5.4 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import.
CVE-2018-17455 1 Gitlab 1 Gitlab 2024-11-21 N/A 7.5 HIGH
An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature.
CVE-2018-17454 1 Gitlab 1 Gitlab 2024-11-21 N/A 5.4 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen.
CVE-2018-17453 1 Gitlab 1 Gitlab 2024-11-21 N/A 5.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.
CVE-2018-17452 1 Gitlab 1 Gitlab 2024-11-21 N/A 9.8 CRITICAL
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb.
CVE-2018-17451 1 Gitlab 1 Gitlab 2024-11-21 N/A 8.8 HIGH
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands.
CVE-2018-17450 1 Gitlab 1 Gitlab 2024-11-21 N/A 4.3 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token.