gitlab

1,383 tracked vulnerabilities.

CVE-2018-18640 MEDIUM
GitLab < 11.2.7, 11.3.x < 11.3.8, 11.4.x < 11.4.3 - Information Exposure Through Browser Caching
Dec 04, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-17976 MEDIUM
GitLab 11.0.0-11.1.8 - Information Exposure via Epic Change Descriptions
Dec 04, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-17975 MEDIUM
GitLab 11.x < 11.1.8, 11.2.x < 11.2.5, 11.3.x < 11.3.2 - Information Exposure via GFM Markdown API
Dec 04, 2018
CVSS 5.3
EPSS 0.00
CVE-2018-17939 HIGH
GitLab 11.1.x-11.1.8, 11.2.x-11.2.5, 11.3.x-11.3.2 - Information Exposure via Merge Request JSON Endpoint
Dec 04, 2018
CVSS 7.5
EPSS 0.00
CVE-2018-18649 CRITICAL
GitLab 11.2.0-11.2.6, 11.3.0-11.3.7, 11.4.0-11.4.2 - Remote Code Execution via Wiki API
Nov 29, 2018
CVSS 9.8
EPSS 0.55
CVE-2018-16051 MEDIUM
GitLab 8.10.0-11.0.5, 11.1.0-11.1.4, 11.2.0-11.2.1 - Exposure of Sensitive Information via Orphaned Upload Files
Oct 03, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-16050 MEDIUM
GitLab 11.1.x < 11.1.5 and 11.2.x < 11.2.2 - Stored Cross-Site Scripting in Merge Request Changes View
Oct 03, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-16049 CRITICAL
GitLab 8.10.0-11.0.5, 11.1.0-11.1.4, 11.2.0-11.2.1 - Sensitive Data Disclosure in Sidekiq Logs
Oct 03, 2018
CVSS 9.8
EPSS 0.00
CVE-2018-16048 MEDIUM
GitLab 8.10.0-11.0.5, 11.1.0-11.1.4, 11.2.0-11.2.1 - Missing Authorization for API Repository Storage
Oct 03, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-12607 MEDIUM
GitLab CE/EE <10.7.6, <10.8.5, <11.0.1 - XSS
Aug 03, 2018
CVSS 5.4
EPSS 0.00
CVE-2018-12606 MEDIUM
GitLab CE/EE <10.7.6, <10.8.5, <11.0.1 - XSS
Aug 03, 2018
CVSS 5.4
EPSS 0.00
CVE-2018-12605 MEDIUM
GitLab 10.7.x < 10.7.6 - Cross-Site Scripting via url_for Arbitrary Protocol
Aug 03, 2018
CVSS 5.4
EPSS 0.00
CVE-2018-14606 MEDIUM
GitLab <10.8.7, <11.0.5, <11.1.2 - XSS
Jul 27, 2018
CVSS 5.4
EPSS 0.00
CVE-2018-14605 MEDIUM
GitLab <10.8.7, <11.0.5, <11.1.2 - XSS
Jul 27, 2018
CVSS 5.4
EPSS 0.00
CVE-2018-14604 MEDIUM
GitLab <10.8.7, <11.0.5, <11.1.2 - XSS
Jul 27, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-14603 HIGH
GitLab <10.8.7, <11.0.5, <11.1.2 - CSRF
Jul 27, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-14602 HIGH
GitLab <10.8.7, <11.0.5, <11.1.2 - Info Disclosure
Jul 27, 2018
CVSS 7.5
EPSS 0.00
CVE-2018-14601 HIGH
GitLab 11.1.x < 11.1.2 - Denial of Service via Markdown Rendering
Jul 27, 2018
CVSS 7.5
EPSS 0.00
CVE-2018-14364 CRITICAL
GitLab <10.7.7, <10.8.6, <11.0.4 - Path Traversal
Jul 18, 2018
CVSS 9.8
EPSS 0.40
CVE-2018-10379 MEDIUM
GitLab CE/EE <10.5.8-10.7.2 - Persistent XSS
May 31, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-8801 MEDIUM
GitLab 8.3-10.x - Server-Side Request Forgery in Services and Webhooks
Apr 25, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-9244 MEDIUM
GitLab 9.2-10.4 - Stored Cross-Site Scripting in Milestone Dropdown Feature
Apr 05, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-9243 MEDIUM
GitLab 8.4-10.4 - Stored Cross-Site Scripting in Merge Request Changes Tab
Apr 05, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-8971 CRITICAL
GitLab < 10.3.9, 10.4.x < 10.4.6, 10.5.x < 10.5.6 - User Impersonation via Auth0 Misconfiguration
Mar 24, 2018
CVSS 9.8
EPSS 0.00
CVE-2018-3710 HIGH
GitLab 8.9.0-9.5.9 - Remote Code Execution via Insecure Temporary File in Project Import
Mar 21, 2018
CVSS 7.8
EPSS 0.04