Vulnerabilities > Gitlab > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-21 | CVE-2017-0914 | SQL Injection vulnerability in Gitlab Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database. | 5.0 |
| 2018-01-05 | CVE-2014-8540 | Permissions, Privileges, and Access Controls vulnerability in Gitlab The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks. | 4.0 |
| 2017-12-17 | CVE-2017-17716 | Improper Certificate Validation vulnerability in Gitlab 9.4.0/9.4.1 GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. | 4.3 |
| 2017-08-02 | CVE-2017-11438 | Improper Privilege Management vulnerability in Gitlab GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup. | 6.5 |
| 2017-08-02 | CVE-2017-11437 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users. | 4.0 |
| 2017-05-04 | CVE-2017-8778 | Cross-site Scripting vulnerability in Gitlab GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. | 4.3 |
| 2017-03-28 | CVE-2017-0882 | Information Exposure vulnerability in Gitlab Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. | 4.0 |
| 2017-03-28 | CVE-2016-9469 | Permissions, Privileges, and Access Controls vulnerability in Gitlab Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. | 5.0 |
| 2017-01-23 | CVE-2016-4340 | Permissions, Privileges, and Access Controls vulnerability in Gitlab The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors. | 6.5 |
| 2016-11-03 | CVE-2016-9086 | Information Exposure vulnerability in Gitlab GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. | 4.0 |