
7 matches found

OpenVAS
added 2022/03/04 12:0 a.m. · 14 views

GitLab Directory Traversal Vulnerability (CVE-2018-19856)

GitLab is prone to a directory traversal vulnerability in the Templates API. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 7.5 · AI score 7.4 · EPSS 0.00134
Exploits: 1 · References: 2

CNVD
added 2019/08/23 12:0 a.m. · 1 views

GitLab Input Validation Error Vulnerability (CNVD-2020-20440)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An input validation error vulnerability exists in GitLab...

CVSS 5.3 · AI score 6.8 · EPSS 0.00101
Exploits: 0 · References: 1

NVD
added 2019/07/10 4:15 p.m. · 17 views

CVE-2018-19572

GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11...

CVSS 5.9 · AI score 5.4 · EPSS 0.00098
Exploits: 0 · References: 2

Prion
added 2019/07/10 4:15 p.m. · 17 views

Design/Logic Flaw

GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue...

CVSS 4 · AI score 4.7 · EPSS 0.00113
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2019/07/10 12:0 a.m. · 2 views

PT-2019-9853 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.3 before 11.3.11; GitLab CE/EE versions 11.4 before 11.4.8; GitLab CE/EE versions 11.5 before 11.5.1. Description: The issue is related to an XSS vulnerability in Markdown fields via unrecognized HTML tags...

CVSS 5.4 · AI score 5.7 · EPSS 0.00075
Exploits: 0 · References: 7

Positive Technologies
added 2019/07/10 12:0 a.m. · 2 views

PT-2019-9856 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.3 through 11.5 before 11.5.1; GitLab CE/EE version 11.4 before 11.4.8; GitLab CE/EE version 11.3 before 11.3.11. Description: The issue is related to an XSS vulnerability in Markdown fields via Mermaid. Recommendations:...

CVSS 5.4 · AI score 5.7 · EPSS 0.00075
Exploits: 0 · References: 7

Positive Technologies
added 2019/07/10 12:0 a.m. · 2 views

PT-2019-9866 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.0 up to 11.3.10; GitLab CE/EE versions 11.4 up to 11.4.7; GitLab CE/EE versions 11.5 up to 11.5.0. Description: The issue allows administrators with access to the logs to see another user's token, as access tokens are...

CVSS 6.5 · AI score 6.7 · EPSS 0.0014
Exploits: 0 · References: 10