Gitlab Gitlab Community And Enterprise Editions

13 CVEs affecting Gitlab Gitlab Community And Enterprise Editions. Latest disclosed: 2018-03-22. Critical: 2, High: 6.

Top CVEs affecting Gitlab Gitlab Community And Enterprise Editions
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-0916 | Critical | 9.8 | 2018-03-21 | Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote… |
| CVE-2017-0915 | Critical | 9.8 | 2018-03-21 | Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution. |
| CVE-2017-0926 | High | 8.8 | 2018-03-21 | Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login. |
| CVE-2017-0918 | High | 8.8 | 2018-03-21 | Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. |
| CVE-2018-3710 | High | 7.8 | 2018-03-21 | Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execu… |
| CVE-2017-0922 | High | 7.5 | 2018-03-21 | Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an inform… |
| CVE-2017-0914 | High | 7.5 | 2018-03-21 | Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclos… |
| CVE-2017-0925 | High | 7.2 | 2018-03-21 | Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resultin… |
| CVE-2017-0927 | Medium | 6.5 | 2018-03-21 | Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deploy… |
| CVE-2017-0924 | Medium | 6.1 | 2018-03-21 | Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting. |
| CVE-2017-0923 | Medium | 6.1 | 2018-03-21 | Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting. |
| CVE-2017-0917 | Medium | 6.1 | 2018-03-21 | Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting. |
| CVE-2017-0920 | Medium | 4.3 | 2018-03-22 | GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::Crea… |