VYPR

apk package

chainguard/gitlab-operator

pkg:apk/chainguard/gitlab-operator

Vulnerabilities (143)

  • CVE-2019-9172Apr 17, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 2 of 5).

  • CVE-2019-9174Apr 17, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF.

  • CVE-2019-9176Apr 17, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF.

  • CVE-2019-6796Apr 11, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS.

  • CVE-2018-20229Apr 4, 2019
    affected < 0fixed 0

    GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal.

  • CVE-2018-19856Mar 26, 2019
    affected < 0fixed 0

    GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API.

  • CVE-2019-6240Mar 25, 2019
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.

  • CVE-2018-18645Dec 4, 2018
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies.

  • CVE-2018-18640Dec 4, 2018
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching.

  • CVE-2018-12607MedAug 3, 2018
    affected < 0fixed 0

    An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.

  • CVE-2018-12606MedAug 3, 2018
    affected < 0fixed 0

    An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.

  • CVE-2018-14606MedJul 27, 2018
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.

  • CVE-2018-14605MedJul 27, 2018
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.

  • CVE-2018-14604MedJul 27, 2018
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.

  • CVE-2018-14603HigJul 27, 2018
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.

  • CVE-2018-14602HigJul 27, 2018
    affected < 0fixed 0

    An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames.

  • CVE-2018-14364CriJul 18, 2018
    affected < 0fixed 0

    GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.

  • CVE-2017-0921HigJul 3, 2018
    affected < 0fixed 0

    GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.

  • CVE-2017-0919HigJul 3, 2018
    affected < 0fixed 0

    GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.

  • CVE-2018-10379MedMay 31, 2018
    affected < 0fixed 0

    An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.

Page 7 of 8