Vulnerabilities > Gitlab > Gitlab > 8.11.10

DATE CVE VULNERABILITY TITLE RISK
2017-08-02 CVE-2017-11437 Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab
GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.
network
low complexity
gitlab CWE-732
6.5
6.5
2017-05-04 CVE-2017-8778 Cross-site Scripting vulnerability in Gitlab
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
network
low complexity
gitlab CWE-79
6.1
6.1
2017-03-28 CVE-2017-0882 Information Exposure vulnerability in Gitlab
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request.
network
low complexity
gitlab CWE-200
6.3
6.3