Vulnerabilities > Gitlab > Gitlab > 6.8.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-24 | CVE-2018-8971 | Improper Input Validation vulnerability in Gitlab The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. | 7.5 |
2018-01-05 | CVE-2014-8540 | Permissions, Privileges, and Access Controls vulnerability in Gitlab The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks. | 4.0 |
2017-08-14 | CVE-2017-12426 | Improper Input Validation vulnerability in Gitlab GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import. | 8.8 |
2017-05-04 | CVE-2017-8778 | Cross-site Scripting vulnerability in Gitlab GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. | 4.3 |