Vulnerabilities > Gitlab > Gitlab > 9.2.7

DATE CVE VULNERABILITY TITLE RISK
2018-03-21 CVE-2017-0924 Cross-site Scripting vulnerability in Gitlab
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.
network
gitlab CWE-79
4.3
4.3
2018-03-21 CVE-2017-0922 Incorrect Authorization vulnerability in Gitlab
Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.
network
low complexity
gitlab CWE-863
5.0
5.0
2018-03-21 CVE-2017-0918 Path Traversal vulnerability in Gitlab
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
network
low complexity
gitlab debian CWE-22
6.5
6.5
2018-03-21 CVE-2017-0916 Improper Input Validation vulnerability in Gitlab
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.
network
low complexity
gitlab debian CWE-20
7.5
7.5
2018-03-21 CVE-2017-0915 Improper Input Validation vulnerability in Gitlab
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
network
low complexity
gitlab debian CWE-20
7.5
7.5
2017-08-14 CVE-2017-12426 Improper Input Validation vulnerability in Gitlab
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.
network
low complexity
gitlab CWE-20
8.8
8.8
2017-08-02 CVE-2017-11438 Improper Privilege Management vulnerability in Gitlab
GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.
network
low complexity
gitlab CWE-269
6.5
6.5
2017-08-02 CVE-2017-11437 Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab
GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.
network
low complexity
gitlab CWE-732
4.0
4.0