Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2018-03-21 CVE-2017-0914 SQL Injection vulnerability in Gitlab
Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.
network
low complexity
gitlab CWE-89
7.5
2018-01-05 CVE-2014-8540 Permissions, Privileges, and Access Controls vulnerability in Gitlab
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
network
low complexity
gitlab CWE-264
6.5
2017-12-17 CVE-2017-17716 Improper Certificate Validation vulnerability in Gitlab 9.4.0/9.4.1
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement.
network
high complexity
gitlab CWE-295
5.9
2017-08-14 CVE-2017-12426 Improper Input Validation vulnerability in Gitlab
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.
network
low complexity
gitlab CWE-20
8.8
2017-08-02 CVE-2017-11438 Improper Privilege Management vulnerability in Gitlab
GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.
network
low complexity
gitlab CWE-269
6.3
2017-08-02 CVE-2017-11437 Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab
GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.
network
low complexity
gitlab CWE-732
6.5
2017-05-04 CVE-2017-8778 Cross-site Scripting vulnerability in Gitlab
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
network
low complexity
gitlab CWE-79
6.1
2017-03-28 CVE-2017-0882 Information Exposure vulnerability in Gitlab
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request.
network
low complexity
gitlab CWE-200
6.3
2017-03-28 CVE-2016-9469 Permissions, Privileges, and Access Controls vulnerability in Gitlab
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance.
network
low complexity
gitlab CWE-264
8.2
2017-01-23 CVE-2016-4340 Permissions, Privileges, and Access Controls vulnerability in Gitlab
The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.
network
low complexity
gitlab CWE-264
8.8