Debian Gitlab vulnerabilities

CVE-2018-18642 [MEDIUM] CVE-2018-18642: gitlab - An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7... An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS. Scope: local sid: resolved

CVE-2018-19579 [MEDIUM] CVE-2018-19579: gitlab - GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Op... GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1. Scope: local sid: resolved

CVE-2018-19582 [MEDIUM] CVE-2018-19582: gitlab - GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an... GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user. Scope: local sid: resolved

CVE-2018-19581 [HIGH] CVE-2018-19581: gitlab - GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 ... GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create. Scope: local sid: resolved

CVE-2018-18644 [MEDIUM] CVE-2018-18644: gitlab - An issue was discovered in GitLab Community and Enterprise Edition 11.x before 1... An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration. Scope: local sid: resolved

CVE-2018-16048 [MEDIUM] CVE-2018-16048: gitlab - An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6... An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage. Scope: local sid: resolved

CVE-2018-14601 [HIGH] CVE-2018-14601: gitlab - An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before... An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow. Scope: local sid: resolved

CVE-2018-18649 [CRITICAL] CVE-2018-18649: gitlab - An issue was discovered in the wiki API in GitLab Community and Enterprise Editi... An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution. Scope: local sid: resolved

CVE-2018-19584 [HIGH] CVE-2018-19584: gitlab - GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.... GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups. Scope: local sid: resolved

CVE-2018-18643 [MEDIUM] CVE-2018-18643: gitlab - GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have P... GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS. Scope: local sid: resolved

CVE-2018-18648 [HIGH] CVE-2018-18648: gitlab - An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7... An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message. Scope: local sid: resolved

CVE-2018-18647 [MEDIUM] CVE-2018-18647: gitlab - An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7... An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization. Scope: local sid: resolved

CVE-2018-19578 [MEDIUM] CVE-2018-19578: gitlab - GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object refer... GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page. Scope: local sid: resolved

CVE-2017-0915 [CRITICAL] CVE-2017-0915: gitlab - Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validat... Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution. Scope: local sid: resolved (fixed in 10.5.5+dfsg-1)

CVE-2017-0916 [CRITICAL] CVE-2017-0916: gitlab - Gitlab Community Edition version 10.3 is vulnerable to a lack of input validatio... Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution. Scope: local sid: resolved (fixed in 10.5.5+dfsg-1)

CVE-2017-0918 [HIGH] CVE-2017-0918: gitlab - Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in... Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. Scope: local sid: resolved (fixed in 10.5.5+dfsg-1)

CVE-2017-0922 [HIGH] CVE-2017-0922: gitlab - Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass ... Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object. Scope: local sid: resolved (fixed in 10.5.5+dfsg-1)

CVE-2017-0926 [HIGH] CVE-2017-0926: gitlab - Gitlab Community Edition version 10.3 is vulnerable to an improper authorization... Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login. Scope: local sid: resolved (fixed in 10.5.5+dfsg-1)

CVE-2017-0925 [HIGH] CVE-2017-0925: gitlab - Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently prot... Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. Scope: local sid: resolved (fixed in 10.5.5+dfsg-1)

CVE-2017-0919 [HIGH] CVE-2017-0919: gitlab - GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are v... GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized. Scope: local sid: resolved (fixed in 10.5.5+dfsg-1)