Vulnerabilities > Gitlab > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-09 | CVE-2019-6782 | Unspecified vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. | 7.5 |
| 2019-09-09 | CVE-2019-11605 | Information Exposure vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. | 7.5 |
| 2019-09-09 | CVE-2019-5473 | Improper Authentication vulnerability in Gitlab 12.0.4/12.1.2 An authentication issue was discovered in GitLab that allowed a bypass of email verification. | 7.2 |
| 2019-07-10 | CVE-2018-19584 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups. | 7.5 |
| 2019-07-10 | CVE-2018-19581 | Improper Authorization vulnerability in Gitlab GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. | 7.5 |
| 2019-07-10 | CVE-2018-19571 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. | 7.7 |
| 2019-07-10 | CVE-2018-19576 | Improper Access Control vulnerability in Gitlab GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential. | 8.1 |
| 2019-07-10 | CVE-2018-19569 | Improper Authorization vulnerability in Gitlab GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. | 8.8 |
| 2019-05-17 | CVE-2019-6797 | Unspecified vulnerability in Gitlab An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. | 7.5 |
| 2019-05-17 | CVE-2019-6781 | Open Redirect vulnerability in Gitlab An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. | 7.5 |