| 247211 | 6.5 | MEDIUM | Network | gitlab | gitlab | GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. | CWE-285 Improper Authorization | CVE-2018-19578 | 2024-11-21 12:58 | 2019-07-11 |
| 247212 | 7.7 | HIGH | Network | gitlab | gitlab | GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2018-19571 | 2024-11-21 12:58 | 2019-07-11 |
| 247213 | 8.1 | HIGH | Network | gitlab | gitlab | GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their… | CWE-284 Improper Access Control | CVE-2018-19576 | 2024-11-21 12:58 | 2019-07-11 |
| 247214 | 4.3 | MEDIUM | Network | gitlab | gitlab | GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2018-19575 | 2024-11-21 12:58 | 2019-07-11 |
| 247215 | 5.4 | MEDIUM | Network | gitlab | gitlab | GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. | CWE-79 Cross-site Scripting | CVE-2018-19574 | 2024-11-21 12:58 | 2019-07-11 |
| 247216 | 5.4 | MEDIUM | Network | gitlab | gitlab | GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. | CWE-79 Cross-site Scripting | CVE-2018-19573 | 2024-11-21 12:58 | 2019-07-11 |
| 247217 | 5.9 | MEDIUM | Network | gitlab | gitlab | GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is … | CWE-362 Race Condition | CVE-2018-19572 | 2024-11-21 12:58 | 2019-07-11 |
| 247218 | 5.4 | MEDIUM | Network | gitlab | gitlab | GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags. | CWE-79 Cross-site Scripting | CVE-2018-19570 | 2024-11-21 12:58 | 2019-07-11 |
| 247219 | 8.8 | HIGH | Network | gitlab | gitlab | GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a P… | CWE-285 Improper Authorization | CVE-2018-19569 | 2024-11-21 12:58 | 2019-07-11 |
| 247220 | 5.3 | MEDIUM | Network | gitlab | gitlab | GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the… | CWE-284 Improper Access Control | CVE-2018-19577 | 2024-11-21 12:58 | 2019-07-11 |