Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab 11.3.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2018-17537
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. .
Gitlab Gitlab
Gitlab Gitlab 11.3.0
NA
CVE-2018-17451
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands.
Gitlab Gitlab
Gitlab Gitlab 11.3.0
NA
CVE-2018-17449
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference.
Gitlab Gitlab
Gitlab Gitlab 11.3.0
NA
CVE-2018-17450
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token.
Gitlab Gitlab
Gitlab Gitlab 11.3.0
NA
CVE-2018-17452
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb.
Gitlab Gitlab
Gitlab Gitlab 11.3.0
NA
CVE-2018-17453
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.
Gitlab Gitlab
Gitlab Gitlab 11.3.0
NA
CVE-2018-17454
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. There is stored XSS on the issue details screen.
Gitlab Gitlab
Gitlab Gitlab 11.3.0
NA
CVE-2018-17455
An issue exists in GitLab Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge re...
Gitlab Gitlab
Gitlab Gitlab 11.3.0
NA
CVE-2018-17536
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. There is stored XSS on the merge request page via project import.
Gitlab Gitlab
Gitlab Gitlab 11.3.0
NA
CVE-2018-15472
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout.
Gitlab Gitlab
Gitlab Gitlab 11.3.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started