Vulnerabilities > Gitlab > Gitlab > 8.13.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-09 | CVE-2019-11548 | Cross-site Scripting vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. | 3.5 |
| 2019-09-09 | CVE-2019-11547 | Cross-site Scripting vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. | 4.3 |
| 2019-09-09 | CVE-2019-11546 | Race Condition vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. | 3.5 |
| 2019-09-09 | CVE-2019-11544 | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. | 4.0 |
| 2019-07-10 | CVE-2018-19583 | Information Exposure Through Log Files vulnerability in Gitlab GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. | 6.5 |
| 2019-07-10 | CVE-2018-19581 | Improper Authorization vulnerability in Gitlab GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. | 5.0 |
| 2019-07-10 | CVE-2018-19580 | Improper Input Validation vulnerability in Gitlab All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made. | 5.0 |
| 2019-07-10 | CVE-2018-19576 | Improper Access Control vulnerability in Gitlab GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential. | 6.4 |
| 2019-07-10 | CVE-2018-19574 | Cross-site Scripting vulnerability in Gitlab GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. | 5.4 |
| 2019-07-10 | CVE-2018-19572 | Race Condition vulnerability in Gitlab GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. | 4.3 |