Vulnerabilities > Gitlab > Gitlab > 6.8.1

DATE CVE VULNERABILITY TITLE RISK
2018-03-24 CVE-2018-8971 Improper Input Validation vulnerability in Gitlab
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
network
low complexity
gitlab debian CWE-20
7.5
2018-01-05 CVE-2014-8540 Permissions, Privileges, and Access Controls vulnerability in Gitlab
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
network
low complexity
gitlab CWE-264
4.0
2017-08-14 CVE-2017-12426 Improper Input Validation vulnerability in Gitlab
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.
network
low complexity
gitlab CWE-20
8.8
2017-05-04 CVE-2017-8778 Cross-site Scripting vulnerability in Gitlab
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
network
gitlab CWE-79
4.3