CVE search results

1351 – 1360 of 1538 results

Detailed view

Sort by:

CVE-2018-19578

Low priority

Not affected

GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19571

Medium priority

Not affected

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue,...

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19575

Low priority

Not affected

GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19574

Medium priority

Ignored

GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	Not in release	Not in release	Not in release	Not in release

CVE-2018-19573

Medium priority

Not affected

GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19572

Medium priority

Not affected

GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1,...

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19570

Medium priority

Not affected

GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19569

Medium priority

Not affected

GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

CVE-2018-19577

Low priority

Not affected

Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a...

1 affected package

gitlab

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gitlab	—	—	—	Not in release

Export to JSON

Results by page:

Search CVE reports

CVE-2018-19578

CVE-2018-19571

CVE-2018-19576

CVE-2018-19575

CVE-2018-19574

CVE-2018-19573

CVE-2018-19572

CVE-2018-19570

CVE-2018-19569

CVE-2018-19577