Filtered by vendor Gitlab Subscriptions
Total 1105 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-17976 1 Gitlab 1 Gitlab 2024-11-21 N/A
An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions.
CVE-2018-17975 1 Gitlab 1 Gitlab 2024-11-21 N/A
An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API.
CVE-2018-17939 1 Gitlab 1 Gitlab 2024-11-21 N/A
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint.
CVE-2018-17537 1 Gitlab 1 Gitlab 2024-11-21 5.4 Medium
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. .
CVE-2018-17536 1 Gitlab 1 Gitlab 2024-11-21 5.4 Medium
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import.
CVE-2018-17455 1 Gitlab 1 Gitlab 2024-11-21 7.5 High
An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature.
CVE-2018-17454 1 Gitlab 1 Gitlab 2024-11-21 5.4 Medium
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen.
CVE-2018-17453 1 Gitlab 1 Gitlab 2024-11-21 5.3 Medium
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.
CVE-2018-17452 1 Gitlab 1 Gitlab 2024-11-21 9.8 Critical
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb.
CVE-2018-17451 1 Gitlab 1 Gitlab 2024-11-21 8.8 High
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands.
CVE-2018-17450 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token.
CVE-2018-17449 1 Gitlab 1 Gitlab 2024-11-21 7.5 High
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference.
CVE-2018-16051 1 Gitlab 1 Gitlab 2024-11-21 N/A
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure.
CVE-2018-16050 1 Gitlab 1 Gitlab 2024-11-21 N/A
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View.
CVE-2018-16049 1 Gitlab 1 Gitlab 2024-11-21 N/A
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.
CVE-2018-16048 1 Gitlab 1 Gitlab 2024-11-21 N/A
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage.
CVE-2018-15472 1 Gitlab 1 Gitlab 2024-11-21 7.5 High
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout.
CVE-2018-14606 1 Gitlab 1 Gitlab 2024-11-21 N/A
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.
CVE-2018-14605 1 Gitlab 1 Gitlab 2024-11-21 N/A
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.
CVE-2018-14604 1 Gitlab 1 Gitlab 2024-11-21 N/A
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.