Vulnerabilities > Gitlab > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-10 | CVE-2018-19571 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab. GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. | 7.7 |
2019-07-10 | CVE-2018-19576 | Improper Access Control vulnerability in Gitlab. GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential. | 8.1 |
2019-07-10 | CVE-2018-19569 | Improper Authorization vulnerability in Gitlab. GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope. | 8.8 |
2019-05-17 | CVE-2019-6797 | Unspecified vulnerability in Gitlab. An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. | 7.5 |
2019-05-17 | CVE-2019-6781 | Open Redirect vulnerability in Gitlab. An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. | 7.5 |
2019-05-17 | CVE-2018-20500 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab. An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. | 7.5 |
2019-05-17 | CVE-2018-19585 | CRLF Injection vulnerability in Gitlab. GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol. | 7.5 |
2019-05-16 | CVE-2019-10112 | Inadequate Encryption Strength vulnerability in Gitlab. An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. | 7.5 |
2019-05-16 | CVE-2019-10114 | Information Exposure Through Discrepancy vulnerability in Gitlab. An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. | 7.5 |
2019-05-16 | CVE-2019-10113 | Resource Exhaustion vulnerability in Gitlab. An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. | 7.5 |