Vulnerabilities > Gitlab > Gitlab > 8.5.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-25 | CVE-2018-8801 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component. | 6.5 |
| 2018-04-05 | CVE-2018-9243 | Cross-site Scripting vulnerability in Gitlab GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). | 6.1 |
| 2018-03-24 | CVE-2018-8971 | Improper Input Validation vulnerability in multiple products The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. | 9.8 |
| 2018-03-21 | CVE-2017-0925 | Cleartext Transmission of Sensitive Information vulnerability in multiple products Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. | 7.2 |
| 2018-03-21 | CVE-2017-0918 | Path Traversal vulnerability in multiple products Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. | 8.8 |
| 2017-08-14 | CVE-2017-12426 | Improper Input Validation vulnerability in Gitlab GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import. | 8.8 |
| 2017-08-02 | CVE-2017-11437 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users. | 6.5 |
| 2017-05-04 | CVE-2017-8778 | Cross-site Scripting vulnerability in Gitlab GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. | 6.1 |
| 2017-01-23 | CVE-2016-4340 | Permissions, Privileges, and Access Controls vulnerability in Gitlab The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors. | 8.8 |