Vulnerabilities > Gitlab > Gitlab > 11.2.3

DATE CVE VULNERABILITY TITLE RISK
2019-07-10 CVE-2018-19575 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue.
network
low complexity
gitlab CWE-639
4.0
4.0
2019-07-10 CVE-2018-19574 Cross-site Scripting vulnerability in Gitlab
GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page.
network
low complexity
gitlab CWE-79
5.4
5.4
2019-07-10 CVE-2018-19573 Cross-site Scripting vulnerability in Gitlab
GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.
network
low complexity
gitlab CWE-79
5.4
5.4
2019-07-10 CVE-2018-19572 Race Condition vulnerability in Gitlab
GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment.
network
gitlab CWE-362
4.3
4.3
2019-07-10 CVE-2018-19569 Improper Authorization vulnerability in Gitlab
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.
network
low complexity
gitlab CWE-285
6.5
6.5
2019-07-10 CVE-2018-19577 Improper Access Control vulnerability in Gitlab
Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue.
network
low complexity
gitlab CWE-284
5.3
5.3
2019-07-10 CVE-2018-19496 Improper Access Control vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1.
network
low complexity
gitlab CWE-284
4.0
4.0
2019-07-10 CVE-2018-19495 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1.
network
low complexity
gitlab CWE-918
4.0
4.0
2019-07-10 CVE-2018-19494 Improper Access Control vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1.
network
low complexity
gitlab CWE-284
4.0
4.0
2019-07-10 CVE-2018-19493 Cross-site Scripting vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1.
network
gitlab CWE-79
4.3
4.3