Writeup Exploits

60,661 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-20494 WRITEUP HIGH
GitLab 8.4.0-11.4.12 11.5.0-11.5.5 11.6.0 - Incorrect Authorization
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
CVSS 7.5
CVE-2018-20493 WRITEUP MEDIUM
GitLab 8.17.0-11.4.12 11.5.0-11.5.5 11.6.0 - Incorrect Authorization
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.
CVSS 4.3
CVE-2018-20491 WRITEUP MEDIUM
GitLab 11.3.0-11.4.12, 11.5.0-11.5.5, 11.6.0 - Cross-Site Scripting
An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
CVSS 5.4
CVE-2018-20490 WRITEUP MEDIUM
GitLab 11.2.0-11.4.12, 11.5.0-11.5.5, 11.6.0 - Cross-Site Scripting
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
CVSS 5.4
CVE-2018-20488 WRITEUP MEDIUM
GitLab 9.3.0-11.4.12, 11.5.0-11.5.5, 11.6.0 - Information Exposure
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows Information Exposure.
CVSS 4.3
CVE-2018-20144 WRITEUP HIGH
GitLab <11.3.13-11.5.4 - Info Disclosure
GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control.
CVSS 7.5
CVE-2018-19856 WRITEUP HIGH
GitLab <11.3.12-11.5.3 - Path Traversal
GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API.
CVSS 7.5
CVE-2018-19584 WRITEUP HIGH
GitLab EE <11.3.11-11.5.1 - Info Disclosure
GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups.
CVSS 7.5
CVE-2018-19580 WRITEUP MEDIUM
GitLab <11.5.1-11.3.11 - Info Disclosure
All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made.
CVSS 5.3
CVE-2018-19579 WRITEUP MEDIUM
GitLab 11.5.0 - Stored Cross-Site Scripting in Operations Page
GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1.
CVSS 5.4
CVE-2018-19578 WRITEUP MEDIUM
GitLab EE <11.5.1 - Info Disclosure
GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page.
CVSS 6.5
CVE-2018-19577 WRITEUP MEDIUM
Gitlab CE/EE <11.3.11-11.5.1 - Info Disclosure
Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue.
CVSS 5.3
CVE-2018-19576 WRITEUP HIGH
GitLab CE/EE <11.3.11-11.4.8-11.5.1 - Info Disclosure
GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential.
CVSS 8.1
CVE-2018-19575 WRITEUP MEDIUM
GitLab CE/EE <11.3.11-11.5.1 - Info Disclosure
GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue.
CVSS 4.3
CVE-2018-19574 WRITEUP MEDIUM
GitLab 7.6-11.3.10, 11.4-11.4.7, 11.5 - Cross-Site Scripting in OAuth Authorization Page
GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page.
CVSS 5.4
CVE-2018-19573 WRITEUP MEDIUM
GitLab 10.3-11.x < 11.3.11, 11.4 < 11.4.8, 11.5 < 11.5.1 - Stored Cross-Site Scripting via Mermaid Markdown Renderer
GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.
CVSS 5.4
CVE-2018-19571 WRITEUP HIGH
GitLab CE/EE <11.3.11-11.5.1 - SSRF
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.
CVSS 7.7
CVE-2018-19570 WRITEUP MEDIUM
GitLab 11.3-11.3.10, 11.4-11.4.7, 11.5 - Cross-Site Scripting via Unrecognized HTML Tags in Markdown Fields
GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags.
CVSS 5.4
CVE-2018-19569 WRITEUP HIGH
GitLab CE/EE <11.3.11, <11.4.8, <11.5.1 - Auth Bypass
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.
CVSS 8.8
CVE-2018-19496 WRITEUP MEDIUM
GitLab <11.3.11-11.5.1 - Privilege Escalation
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone.
CVSS 6.5
CVE-2018-19494 WRITEUP MEDIUM
GitLab <11.3.11-11.5.1 - Info Disclosure
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names.
CVSS 4.3
CVE-2018-19493 WRITEUP MEDIUM
GitLab 11.x < 11.3.11, 11.4.x < 11.4.8, 11.5.x < 11.5.1 - Stored Cross-Site Scripting in Environment Pages
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding.
CVSS 6.1
CVE-2018-19359 WRITEUP HIGH
GitLab <11.5.0-rc12, 11.4.6, 11.3.10 - Info Disclosure
GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control.
CVSS 8.8
CVE-2018-18843 WRITEUP CRITICAL
GitLab 11.0.0-11.2.8 - Server-Side Request Forgery via Kubernetes Integration
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.
CVSS 10.0
CVE-2018-18649 WRITEUP CRITICAL
GitLab 11.2.0-11.2.6, 11.3.0-11.3.7, 11.4.0-11.4.2 - Remote Code Execution via Wiki API
An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.
CVSS 9.8
By Source
All 60,661 Writeup 60,661 Exploitdb 50,056 Nomisec 22,007 Metasploit 3,233 Github 3,032 Vulncheck_xdb 909 Inthewild 514 Gitlab 461 Gitee 415 Patchapalooza 312
By Language
text 31,369 python 6,264 ruby 5,923 c 3,601 perl 2,850 html 2,059 php 1,327 bash 460 java 364 c++ 253 javascript 221 shell 106 go 65 postscript 25 xml 24