Vulnerabilities > Gitlab > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-12-04 CVE-2018-18843 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.
network
low complexity
gitlab CWE-918
critical
 10.0
10
2018-12-04 CVE-2018-18641 Cleartext Storage of Sensitive Information vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3.
network
low complexity
gitlab CWE-312
critical
 9.8
9.8
2018-11-29 CVE-2018-18649 Unspecified vulnerability in Gitlab
An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3.
network
low complexity
gitlab
critical
 9.8
9.8
2018-10-03 CVE-2018-16049 Information Exposure Through Log Files vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2.
network
low complexity
gitlab CWE-532
critical
 9.8
9.8
2018-07-18 CVE-2018-14364 Path Traversal vulnerability in Gitlab
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.
network
low complexity
gitlab CWE-22
critical
 9.8
9.8
2018-03-24 CVE-2018-8971 Improper Input Validation vulnerability in multiple products
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
network
low complexity
gitlab debian CWE-20
critical
 9.8
9.8
2018-03-21 CVE-2017-0916 Improper Input Validation vulnerability in multiple products
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.
network
low complexity
gitlab debian CWE-20
critical
 9.8
9.8
2018-03-21 CVE-2017-0915 Improper Input Validation vulnerability in multiple products
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
network
low complexity
gitlab debian CWE-20
critical
 9.8
9.8