Vulnerabilities > Gitlab
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-09 | CVE-2019-5463 | Missing Authorization vulnerability in Gitlab An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. | 5.3 |
| 2019-09-09 | CVE-2019-5461 | Improper Input Validation vulnerability in Gitlab An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. | 3.5 |
| 2019-08-29 | CVE-2019-14943 | Use of Hard-coded Credentials vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. | 9.8 |
| 2019-07-10 | CVE-2018-19584 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups. | 7.5 |
| 2019-07-10 | CVE-2018-19583 | Information Exposure Through Log Files vulnerability in Gitlab GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. | 6.5 |
| 2019-07-10 | CVE-2018-19582 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user. | 4.3 |
| 2019-07-10 | CVE-2018-19581 | Improper Authorization vulnerability in Gitlab GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. | 7.5 |
| 2019-07-10 | CVE-2018-19580 | Improper Input Validation vulnerability in Gitlab All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made. | 5.3 |
| 2019-07-10 | CVE-2018-19579 | Cross-site Scripting vulnerability in Gitlab 11.5.0 GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. | 5.4 |
| 2019-07-10 | CVE-2018-19578 | Improper Authorization vulnerability in Gitlab 11.5.0 GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. | 6.5 |