Vulnerabilities > Gitlab > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-09-09 CVE-2019-11549 Information Exposure Through Log Files vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2.
network
low complexity
gitlab CWE-532
6.5
6.5
2019-09-09 CVE-2019-11548 Cross-site Scripting vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9.
network
low complexity
gitlab CWE-79
5.4
5.4
2019-09-09 CVE-2019-11547 Improper Encoding or Escaping of Output vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2.
network
low complexity
gitlab CWE-116
6.1
6.1
2019-09-09 CVE-2019-11546 Race Condition vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2.
network
high complexity
gitlab CWE-362
5.3
5.3
2019-09-09 CVE-2019-11545 Information Exposure vulnerability in Gitlab
An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2.
network
low complexity
gitlab CWE-200
4.3
4.3
2019-09-09 CVE-2019-11544 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2.
network
low complexity
gitlab
4.3
4.3
2019-09-09 CVE-2019-5471 Cross-site Scripting vulnerability in Gitlab
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS.
network
low complexity
gitlab CWE-79
5.4
5.4
2019-09-09 CVE-2019-5467 Cross-site Scripting vulnerability in Gitlab
An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS.
network
low complexity
gitlab CWE-79
5.4
5.4
2019-09-09 CVE-2019-5463 Missing Authorization vulnerability in Gitlab
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status.
network
low complexity
gitlab CWE-862
5.3
5.3
2019-07-10 CVE-2018-19583 Information Exposure Through Log Files vulnerability in Gitlab
GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token.
network
low complexity
gitlab CWE-532
6.5
6.5