VYPR

GitLab Community Edition

by GitLab Inc.

Source repositories

CVEs (109)

  • CVE-2018-17976MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions.

  • CVE-2018-8801MedApr 25, 2018
    risk 0.42cvss 6.5epss 0.01

    GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.

  • CVE-2017-0927MedMar 21, 2018
    risk 0.42cvss 6.5epss 0.01

    Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.

  • CVE-2018-20501MedDec 30, 2019
    risk 0.41cvss 6.3epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

  • CVE-2017-11438MedAug 2, 2017
    risk 0.41cvss 6.3epss 0.01

    GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.

  • CVE-2019-18451MedNov 26, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 10.7.4 through 12.4 in the InternalRedirect filtering feature. It has an Open Redirect.

  • CVE-2019-15739MedSep 16, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.

  • CVE-2019-15724MedSep 16, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection.

  • CVE-2019-11547MedSep 9, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially…

  • CVE-2018-19493MedJul 10, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding.

  • CVE-2019-10117MedMay 16, 2019
    risk 0.40cvss 6.1epss 0.01

    An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node.

  • CVE-2018-18642MedDec 4, 2018
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS.

  • CVE-2018-16050MedOct 3, 2018
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View.

  • CVE-2018-9243MedApr 5, 2018
    risk 0.40cvss 6.1epss 0.01

    GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and…

  • CVE-2017-0924MedMar 21, 2018
    risk 0.40cvss 6.1epss 0.01

    Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.

  • CVE-2017-0923MedMar 21, 2018
    risk 0.40cvss 6.1epss 0.01

    Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.

  • CVE-2017-0917MedMar 21, 2018
    risk 0.40cvss 6.1epss 0.01

    Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.

  • CVE-2019-9172MedApr 17, 2019
    risk 0.38cvss 5.9epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 2 of 5).

  • CVE-2019-9221MedMay 29, 2019
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5).

  • CVE-2018-17536MedApr 15, 2023
    risk 0.35cvss 5.4epss 0.00

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import.

Page 3 of 6