VYPR

GitLab Enterprise Edition

by GitLab Inc.

Source repositories

CVEs (80)

  • CVE-2018-14364CriJul 18, 2018
    risk 0.61cvss 9.8epss 0.50

    GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.

  • CVE-2017-12426HigAug 14, 2017
    risk 0.57cvss 8.8epss 0.04

    GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.

  • CVE-2017-0921HigJul 3, 2018
    risk 0.53cvss 8.1epss 0.01

    GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.

  • CVE-2018-3710HigMar 21, 2018
    risk 0.51cvss 7.8epss 0.03

    Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.

  • CVE-2017-0922HigMar 21, 2018
    risk 0.49cvss 7.5epss 0.01

    Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.

  • CVE-2017-0925HigMar 21, 2018
    risk 0.47cvss 7.2epss 0.01

    Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.

  • CVE-2017-11437MedAug 2, 2017
    risk 0.42cvss 6.5epss 0.01

    GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.

  • CVE-2017-11438MedAug 2, 2017
    risk 0.41cvss 6.3epss 0.01

    GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.

  • CVE-2018-16050MedOct 3, 2018
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View.

  • CVE-2018-9243MedApr 5, 2018
    risk 0.40cvss 6.1epss 0.01

    GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and…

  • CVE-2018-12607MedAug 3, 2018
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.

  • CVE-2018-12605MedAug 3, 2018
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.

  • CVE-2018-15472Apr 15, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout.

  • CVE-2018-17453Apr 15, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.

  • CVE-2018-17455Apr 15, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge…

  • CVE-2019-13121Mar 10, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control.

  • CVE-2019-13011Mar 10, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not it's repository could create a list of merge requests template names. It has excessive algorithmic complexity.

  • CVE-2019-13010Mar 10, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0.2. The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It allows Uncontrolled Resource Consumption.

  • CVE-2019-12445Mar 10, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS.

  • CVE-2019-12443Mar 10, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks.

Page 1 of 4