apk package
chainguard/gitlab-operator-compat
pkg:apk/chainguard/gitlab-operator-compat
Vulnerabilities (96)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-18643 | — | < 0 | 0 | Apr 25, 2019 | GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS. | ||
| CVE-2019-9220 | — | < 0 | 0 | Apr 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption. | ||
| CVE-2019-9223 | — | < 0 | 0 | Apr 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure. | ||
| CVE-2019-9222 | — | < 0 | 0 | Apr 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. | ||
| CVE-2019-9217 | — | < 0 | 0 | Apr 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information. | ||
| CVE-2019-9219 | — | < 0 | 0 | Apr 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5). | ||
| CVE-2019-9225 | — | < 0 | 0 | Apr 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5). | ||
| CVE-2019-9224 | — | < 0 | 0 | Apr 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5). | ||
| CVE-2019-9171 | — | < 0 | 0 | Apr 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5). | ||
| CVE-2019-9179 | — | < 0 | 0 | Apr 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5). | ||
| CVE-2019-9178 | — | < 0 | 0 | Apr 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 4 of 5). | ||
| CVE-2019-9175 | — | < 0 | 0 | Apr 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5). | ||
| CVE-2019-9170 | — | < 0 | 0 | Apr 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control. | ||
| CVE-2019-9172 | — | < 0 | 0 | Apr 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 2 of 5). | ||
| CVE-2019-9174 | — | < 0 | 0 | Apr 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF. | ||
| CVE-2019-9176 | — | < 0 | 0 | Apr 17, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF. | ||
| CVE-2019-6796 | — | < 0 | 0 | Apr 11, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS. | ||
| CVE-2018-20229 | — | < 0 | 0 | Apr 4, 2019 | GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal. | ||
| CVE-2018-19856 | — | < 0 | 0 | Mar 26, 2019 | GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API. | ||
| CVE-2019-6240 | — | < 0 | 0 | Mar 25, 2019 | An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal. |
- CVE-2018-18643Apr 25, 2019affected < 0fixed 0
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.
- CVE-2019-9220Apr 17, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption.
- CVE-2019-9223Apr 17, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure.
- CVE-2019-9222Apr 17, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
- CVE-2019-9217Apr 17, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information.
- CVE-2019-9219Apr 17, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5).
- CVE-2019-9225Apr 17, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5).
- CVE-2019-9224Apr 17, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5).
- CVE-2019-9171Apr 17, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5).
- CVE-2019-9179Apr 17, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5).
- CVE-2019-9178Apr 17, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 4 of 5).
- CVE-2019-9175Apr 17, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5).
- CVE-2019-9170Apr 17, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.
- CVE-2019-9172Apr 17, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 2 of 5).
- CVE-2019-9174Apr 17, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF.
- CVE-2019-9176Apr 17, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF.
- CVE-2019-6796Apr 11, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS.
- CVE-2018-20229Apr 4, 2019affected < 0fixed 0
GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal.
- CVE-2018-19856Mar 26, 2019affected < 0fixed 0
GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API.
- CVE-2019-6240Mar 25, 2019affected < 0fixed 0
An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.
Page 4 of 5