Gitlab Gitlab Community And Enterprise Editions
13 CVEs affecting Gitlab Gitlab Community And Enterprise Editions. Latest disclosed: 2018-03-22. Critical: 2, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-0916 | Critical | 9.8 | 2018-03-21 | Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote… |
| CVE-2017-0915 | Critical | 9.8 | 2018-03-21 | Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution. |
| CVE-2017-0926 | High | 8.8 | 2018-03-21 | Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login. |
| CVE-2017-0918 | High | 8.8 | 2018-03-21 | Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. |
| CVE-2018-3710 | High | 7.8 | 2018-03-21 | Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execu… |
| CVE-2017-0922 | High | 7.5 | 2018-03-21 | Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an inform… |
| CVE-2017-0914 | High | 7.5 | 2018-03-21 | Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclos… |
| CVE-2017-0925 | High | 7.2 | 2018-03-21 | Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resultin… |
| CVE-2017-0927 | Medium | 6.5 | 2018-03-21 | Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deploy… |
| CVE-2017-0924 | Medium | 6.1 | 2018-03-21 | Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting. |
| CVE-2017-0923 | Medium | 6.1 | 2018-03-21 | Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting. |
| CVE-2017-0917 | Medium | 6.1 | 2018-03-21 | Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting. |
| CVE-2017-0920 | Medium | 4.3 | 2018-03-22 | GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::Crea… |