Vulnerabilities > Gitlab > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-21 | CVE-2017-0923 | Cross-site Scripting vulnerability in Gitlab Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting. | 6.1 |
| 2018-03-21 | CVE-2017-0917 | Improper Input Validation vulnerability in multiple products Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting. | 6.1 |
| 2018-01-05 | CVE-2014-8540 | Permissions, Privileges, and Access Controls vulnerability in Gitlab The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks. | 6.5 |
| 2017-12-17 | CVE-2017-17716 | Improper Certificate Validation vulnerability in Gitlab 9.4.0/9.4.1 GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. | 5.9 |
| 2017-08-02 | CVE-2017-11438 | Improper Privilege Management vulnerability in Gitlab GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup. | 6.3 |
| 2017-08-02 | CVE-2017-11437 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users. | 6.5 |
| 2017-05-04 | CVE-2017-8778 | Cross-site Scripting vulnerability in Gitlab GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. | 6.1 |
| 2017-03-28 | CVE-2017-0882 | Information Exposure vulnerability in Gitlab Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. | 6.3 |
| 2016-11-03 | CVE-2016-9086 | Information Exposure vulnerability in Gitlab GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. | 6.5 |