Vulnerabilities > Gitlab > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-14364 Path Traversal vulnerability in Gitlab
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.
network
low complexity
gitlab CWE-22
7.5
2018-03-24 CVE-2018-8971 Improper Input Validation vulnerability in Gitlab
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
network
low complexity
gitlab debian CWE-20
7.5
2018-03-21 CVE-2018-3710 Path Traversal vulnerability in multiple products
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.
local
low complexity
gitlab debian CWE-22
7.8
2018-03-21 CVE-2017-0916 Improper Input Validation vulnerability in Gitlab
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.
network
low complexity
gitlab debian CWE-20
7.5
2018-03-21 CVE-2017-0915 Improper Input Validation vulnerability in Gitlab
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
network
low complexity
gitlab debian CWE-20
7.5
2017-08-14 CVE-2017-12426 Improper Input Validation vulnerability in Gitlab
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.
network
low complexity
gitlab CWE-20
8.8