Vulnerabilities > Gitlab > Gitlab > 8.9.5

DATE CVE VULNERABILITY TITLE RISK
2017-08-02 CVE-2017-11437 Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab
GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.
network
low complexity
gitlab CWE-732
4.0
4.0
2017-05-04 CVE-2017-8778 Cross-site Scripting vulnerability in Gitlab
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
network
gitlab CWE-79
4.3
4.3
2016-11-03 CVE-2016-9086 Information Exposure vulnerability in Gitlab
GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab.
network
low complexity
gitlab CWE-200
4.0
4.0