Vulnerabilities > Gitlab > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-10 | CVE-2018-19582 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user. | 4.3 |
| 2019-07-10 | CVE-2018-19580 | Improper Input Validation vulnerability in Gitlab All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made. | 5.3 |
| 2019-07-10 | CVE-2018-19579 | Cross-site Scripting vulnerability in Gitlab 11.5.0 GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. | 5.4 |
| 2019-07-10 | CVE-2018-19578 | Improper Authorization vulnerability in Gitlab 11.5.0 GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. | 6.5 |
| 2019-07-10 | CVE-2018-19575 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue. | 4.3 |
| 2019-07-10 | CVE-2018-19574 | Cross-site Scripting vulnerability in Gitlab GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. | 5.4 |
| 2019-07-10 | CVE-2018-19573 | Cross-site Scripting vulnerability in Gitlab GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. | 5.4 |
| 2019-07-10 | CVE-2018-19572 | Race Condition vulnerability in Gitlab GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. | 5.9 |
| 2019-07-10 | CVE-2018-19570 | Cross-site Scripting vulnerability in Gitlab GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags. | 5.4 |
| 2019-07-10 | CVE-2018-19577 | Improper Access Control vulnerability in Gitlab Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue. | 5.3 |