Vulnerabilities > Gitlab > Gitlab > 8.13.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-14 | CVE-2017-12426 | Improper Input Validation vulnerability in Gitlab GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import. | 8.8 |
2017-08-02 | CVE-2017-11437 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users. | 4.0 |
2017-05-04 | CVE-2017-8778 | Cross-site Scripting vulnerability in Gitlab GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. | 4.3 |
2017-03-28 | CVE-2017-0882 | Information Exposure vulnerability in Gitlab Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. | 4.0 |
2017-03-28 | CVE-2016-9469 | Permissions, Privileges, and Access Controls vulnerability in Gitlab Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. | 5.0 |