Vulnerabilities > Gitlab > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-03 | CVE-2017-0921 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised. | 8.1 |
| 2018-07-03 | CVE-2017-0919 | Missing Authentication for Critical Function vulnerability in Gitlab GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized. | 7.5 |
| 2018-03-21 | CVE-2018-3710 | Path Traversal vulnerability in multiple products Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution. | 7.8 |
| 2018-03-21 | CVE-2017-0926 | Incorrect Authorization vulnerability in multiple products Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login. | 8.8 |
| 2018-03-21 | CVE-2017-0925 | Cleartext Transmission of Sensitive Information vulnerability in multiple products Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. | 7.2 |
| 2018-03-21 | CVE-2017-0922 | Incorrect Authorization vulnerability in Gitlab Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object. | 7.5 |
| 2018-03-21 | CVE-2017-0918 | Path Traversal vulnerability in multiple products Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. | 8.8 |
| 2018-03-21 | CVE-2017-0914 | SQL Injection vulnerability in Gitlab Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database. | 7.5 |
| 2017-08-14 | CVE-2017-12426 | Improper Input Validation vulnerability in Gitlab GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import. | 8.8 |
| 2017-03-28 | CVE-2016-9469 | Permissions, Privileges, and Access Controls vulnerability in Gitlab Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. | 8.2 |