Vulnerabilities > Gitlab > Gitlab > 10.4.0

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-14364 Path Traversal vulnerability in Gitlab
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.
network
low complexity
gitlab CWE-22
7.5
7.5
2018-05-31 CVE-2018-10379 Cross-site Scripting vulnerability in Gitlab
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2.
network
gitlab CWE-79
4.3
4.3
2018-04-05 CVE-2018-9244 Cross-site Scripting vulnerability in Gitlab
GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature).
network
gitlab CWE-79
4.3
4.3
2018-04-05 CVE-2018-9243 Cross-site Scripting vulnerability in Gitlab
GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests).
network
gitlab CWE-79
4.3
4.3
2018-03-24 CVE-2018-8971 Improper Input Validation vulnerability in Gitlab
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
network
low complexity
gitlab debian CWE-20
7.5
7.5