Vulnerabilities > Gitlab > Gitlab > 11.4.4

DATE CVE VULNERABILITY TITLE RISK
2019-07-10 CVE-2018-19582 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user.
network
low complexity
gitlab CWE-639
4.0
4.0
2019-07-10 CVE-2018-19581 Improper Authorization vulnerability in Gitlab
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create.
network
low complexity
gitlab CWE-285
5.0
5.0
2019-07-10 CVE-2018-19580 Improper Input Validation vulnerability in Gitlab
All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made.
network
low complexity
gitlab CWE-20
5.0
5.0
2019-07-10 CVE-2018-19571 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.
network
low complexity
gitlab CWE-918
7.7
7.7
2019-07-10 CVE-2018-19576 Improper Access Control vulnerability in Gitlab
GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential.
network
low complexity
gitlab CWE-284
6.4
6.4
2019-07-10 CVE-2018-19575 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue.
network
low complexity
gitlab CWE-639
4.0
4.0
2019-07-10 CVE-2018-19574 Cross-site Scripting vulnerability in Gitlab
GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page.
network
low complexity
gitlab CWE-79
5.4
5.4
2019-07-10 CVE-2018-19573 Cross-site Scripting vulnerability in Gitlab
GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.
network
low complexity
gitlab CWE-79
5.4
5.4
2019-07-10 CVE-2018-19572 Race Condition vulnerability in Gitlab
GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment.
network
gitlab CWE-362
4.3
4.3
2019-07-10 CVE-2018-19570 Cross-site Scripting vulnerability in Gitlab
GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags.
network
low complexity
gitlab CWE-79
5.4
5.4