CVE search results

1351 – 1360 of 1539 results

Detailed view

Sort by:

CVE-2018-19579

Low priority

Not affected

GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19578

Low priority

Not affected

GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19571

Medium priority

Not affected

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue,...

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19575

Low priority

Not affected

GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19574

Medium priority

Ignored

GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	Not in release	Not in release	Not in release	Not in release

CVE-2018-19573

Medium priority

Not affected

GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19572

Medium priority

Not affected

GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1,...

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19570

Medium priority

Not affected

GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19569

Medium priority

Not affected

GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

Export to JSON

Results by page:

Search CVE reports

CVE-2018-19579

CVE-2018-19578

CVE-2018-19571

CVE-2018-19576

CVE-2018-19575

CVE-2018-19574

CVE-2018-19573

CVE-2018-19572

CVE-2018-19570

CVE-2018-19569