Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2017-08-02 CVE-2017-11438 Improper Privilege Management vulnerability in Gitlab
GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.
network
low complexity
gitlab CWE-269
6.3
2017-08-02 CVE-2017-11437 Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab
GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.
network
low complexity
gitlab CWE-732
6.5
2017-05-04 CVE-2017-8778 Cross-site Scripting vulnerability in Gitlab
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
network
low complexity
gitlab CWE-79
6.1
2017-03-28 CVE-2017-0882 Information Exposure vulnerability in Gitlab
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request.
network
low complexity
gitlab CWE-200
6.3
2017-03-28 CVE-2016-9469 Permissions, Privileges, and Access Controls vulnerability in Gitlab
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance.
network
low complexity
gitlab CWE-264
8.2
2017-01-23 CVE-2016-4340 Permissions, Privileges, and Access Controls vulnerability in Gitlab
The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.
network
low complexity
gitlab CWE-264
8.8
2016-11-03 CVE-2016-9086 Information Exposure vulnerability in Gitlab
GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab.
network
low complexity
gitlab CWE-200
6.5