Vulnerabilities > Gitlab > Gitlab > 8.13.7

DATE CVE VULNERABILITY TITLE RISK
2017-08-14 CVE-2017-12426 Improper Input Validation vulnerability in Gitlab
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.
network
low complexity
gitlab CWE-20
8.8
8.8
2017-08-02 CVE-2017-11437 Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab
GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.
network
low complexity
gitlab CWE-732
4.0
4.0
2017-05-04 CVE-2017-8778 Cross-site Scripting vulnerability in Gitlab
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
network
gitlab CWE-79
4.3
4.3
2017-03-28 CVE-2016-9469 Permissions, Privileges, and Access Controls vulnerability in Gitlab
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance.
network
low complexity
gitlab CWE-264
5.0
5.0