Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Gitlab
(Gitlab)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 944 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-08-29 | CVE-2019-14943 | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. | Gitlab | 9.8 | ||
| 2019-07-10 | CVE-2018-19581 | GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. | Gitlab | 7.5 | ||
| 2019-07-10 | CVE-2018-19580 | All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made. | Gitlab | 5.3 | ||
| 2019-07-10 | CVE-2018-19579 | GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1. | Gitlab | 5.4 | ||
| 2019-07-10 | CVE-2018-19578 | GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. | Gitlab | 6.5 | ||
| 2019-07-10 | CVE-2018-19576 | GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential. | Gitlab | 8.1 | ||
| 2019-07-10 | CVE-2018-19572 | GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11. | Gitlab | 5.9 | ||
| 2019-07-10 | CVE-2018-19569 | GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. | Gitlab | 8.8 | ||
| 2019-07-10 | CVE-2018-19496 | An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone. | Gitlab | 6.5 | ||
| 2019-07-10 | CVE-2018-19495 | An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration. | Gitlab | 6.5 |