Vulnerabilities > Gitlab > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-10 | CVE-2018-19578 | Improper Authorization vulnerability in Gitlab 11.5.0 GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. | 6.5 |
| 2019-07-10 | CVE-2018-19575 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue. | 4.3 |
| 2019-07-10 | CVE-2018-19574 | Cross-site Scripting vulnerability in Gitlab GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. | 5.4 |
| 2019-07-10 | CVE-2018-19573 | Cross-site Scripting vulnerability in Gitlab GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. | 5.4 |
| 2019-07-10 | CVE-2018-19572 | Race Condition vulnerability in Gitlab GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. | 5.9 |
| 2019-07-10 | CVE-2018-19570 | Cross-site Scripting vulnerability in Gitlab GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags. | 5.4 |
| 2019-07-10 | CVE-2018-19577 | Improper Access Control vulnerability in Gitlab Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. | 5.3 |
| 2019-07-10 | CVE-2018-19496 | Improper Access Control vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. | 6.5 |
| 2019-07-10 | CVE-2018-19495 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. | 6.5 |
| 2019-07-10 | CVE-2018-19494 | Improper Access Control vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. | 4.3 |