Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Gitlab
(Gitlab)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 944 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-03-21 | CVE-2017-0925 | Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. | Debian_linux, Gitlab | 7.2 | ||
| 2018-03-21 | CVE-2017-0924 | Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting. | Gitlab | 6.1 | ||
| 2018-03-21 | CVE-2017-0923 | Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting. | Gitlab | 6.1 | ||
| 2018-03-21 | CVE-2017-0922 | Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object. | Gitlab | 7.5 | ||
| 2018-03-21 | CVE-2017-0918 | Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. | Debian_linux, Gitlab | 8.8 | ||
| 2018-03-21 | CVE-2017-0917 | Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting. | Debian_linux, Gitlab | 6.1 | ||
| 2018-03-21 | CVE-2017-0916 | Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution. | Debian_linux, Gitlab | 9.8 | ||
| 2018-03-21 | CVE-2017-0915 | Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution. | Debian_linux, Gitlab | 9.8 | ||
| 2018-03-21 | CVE-2017-0914 | Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database. | Gitlab | 7.5 | ||
| 2017-03-28 | CVE-2017-0882 | Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC. | Gitlab | 6.3 |