CVE-2018-19569

GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope...

CVE-2018-19574

GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page...

CVE-2018-19570

GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags...

CVE-2018-19573

GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid...

CVE-2018-19574

GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page...

CVE-2018-19570

GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags...

Design/Logic Flaw

GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue...

Improper access control

GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential...

CVE-2018-19569

GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope...

CVE-2018-19570

GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags...

CVE-2018-19571

GitLab CE/EE is affected by CVE-2018-19571 (SSRF in webhooks) affecting versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1. Connected documents show public exploit entries indicating this SSRF can lead to remote code execution in GitLab 11.4.7/11.4.x and authentic...

CVE-2018-19574

GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page...

CVE-2018-19574

GitLab CE/EE is affected by an XSS on the OAuth authorization page in versions 7.6–11.x prior to 11.3.11, 11.4 prior to 11.4.8, and 11.5 prior to 11.5.1. The issue is a cross-site scripting vulnerability on the OAuth flow. Remediation per sources is to upgrade to fixed releases: 11.3.11+, 11.4.8+...

CVE-2018-19569

GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization flaw that lets a user access the web UI using a Personal Access Token of any scope. The root cause is an authorization issue that improperly permits PAT-authenticat...

CVE-2018-19569

Removed by vendor...

CVE-2018-19575

CVE-2018-19575 affects GitLab CE/EE: versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1 are vulnerable to an insecure direct object reference that allows a user to comment on a locked issue. Root cause is an insecure direct object reference in issue commenting log...

CVE-2018-19576

GitLab CE/EE versions 8.6–11.x are vulnerable to an access-control issue that allows a Guest to change or delete their own comments on an issue after it is marked Confidential. Root cause: improper enforcement of access to issue comments. Affected ranges: 11.3.11+ fixes for 11.3.x line, 11.4.8+ f...

CVE-2018-19576

Removed by vendor...

CVE-2018-19570

CVE-2018-19570 affects GitLab CE/EE: GitLab versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1 are vulnerable to an XSS in Markdown fields caused by unrecognized HTML tags. The issue is documented across multiple sources (NVD, OSV, CNVD, CVE listings, and vendor advisories)....

CVE-2018-19570

GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags...