CVE search results

1011 – 1020 of 1132 results

Detailed view

Sort by:

CVE-2018-19571

Medium priority

Not affected

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue,...

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19575

Low priority

Not affected

GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19574

Medium priority

Ignored

GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	Not in release	Not in release	Not in release	Not in release

CVE-2018-19573

Medium priority

Not affected

GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19572

Medium priority

Not affected

GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1,...

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19570

Medium priority

Not affected

GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19569

Medium priority

Not affected

GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19577

Low priority

Not affected

Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a...

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19496

Low priority

Not affected

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user...

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

Export to JSON

Results by page:

Search CVE reports

CVE-2018-19571

CVE-2018-19576

CVE-2018-19575

CVE-2018-19574

CVE-2018-19573

CVE-2018-19572

CVE-2018-19570

CVE-2018-19569

CVE-2018-19577

CVE-2018-19496