Gitlab Community And Enterprise Editions vulnerabilities

13 known vulnerabilities affecting gitlab/gitlab_community_and_enterprise_editions.

Total CVEs
13
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH6MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2017-0920MEDIUMCVSS 4.3vVersions before 10.1.6, 10.2.6, and 10.3.42018-03-22
CVE-2017-0920 [MEDIUM] CWE-639 CVE-2017-0920: GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an auth GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.
cvelistv5nvd
CVE-2017-0916CRITICALCVSS 9.8v9.1.0 - 10.1.5 Fixed in 10.1.6v10.2.0 - 10.2.5 Fixed in 10.2.6+1 more2018-03-21
CVE-2017-0916 [CRITICAL] CWE-77 CVE-2017-0916: Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.
cvelistv5nvd
CVE-2017-0915CRITICALCVSS 9.8v8.9 - 10.1.5 Fixed in 10.1.6v10.2.0 - 10.2.5 Fixed in 10.2.6+1 more2018-03-21
CVE-2017-0915 [CRITICAL] CWE-77 CVE-2017-0915: Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabPro Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
cvelistv5nvd
CVE-2017-0925HIGHCVSS 7.2v8.10.6 - 10.1.5 Fixed in 10.1.6v10.2.0 - 10.2.5 Fixed in 10.2.6+1 more2018-03-21
CVE-2017-0925 [HIGH] CWE-522 CVE-2017-0925: Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential iss Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.
cvelistv5nvd
CVE-2017-0922HIGHCVSS 7.5v9.1.0 - 10.1.5 Fixed in 10.1.6v10.2.0 - 10.2.5 Fixed in 10.2.6+1 more2018-03-21
CVE-2017-0922 [HIGH] CWE-639 CVE-2017-0922: Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.
cvelistv5nvd
CVE-2017-0918HIGHCVSS 8.8v8.4.0 - 10.1.5 Fixed in 10.1.6v10.2.0 - 10.2.5 Fixed in 10.2.6+1 more2018-03-21
CVE-2017-0918 [HIGH] CWE-23 CVE-2017-0918: Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runne Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
cvelistv5nvd
CVE-2017-0914HIGHCVSS 7.5v9.1.0 - 10.1.5 Fixed in 10.1.6v10.2.0 - 10.2.5 Fixed in 10.2.6+1 more2018-03-21
CVE-2017-0914 [HIGH] CWE-89 CVE-2017-0914: Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL inje Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.
cvelistv5nvd
CVE-2017-0926HIGHCVSS 8.8v9.1.0 - 10.0.5 Fixed in 10.0.5v10.1.0 - 10.1.5 Fixed in 10.1.6+2 more2018-03-21
CVE-2017-0926 [HIGH] CWE-285 CVE-2017-0926: Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.
cvelistv5nvd
CVE-2018-3710HIGHCVSS 7.8v8.9 - 10.1.5 Fixed in 10.1.6v10.2.0 - 10.2.5 Fixed in 10.2.6+1 more2018-03-21
CVE-2018-3710 [HIGH] CWE-377 CVE-2018-3710: Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.
cvelistv5nvd
CVE-2017-0927MEDIUMCVSS 6.5v8.10.6 - 10.1.5 Fixed in 10.1.6v10.2.0 - 10.2.5 Fixed in 10.2.6+1 more2018-03-21
CVE-2017-0927 [MEDIUM] CWE-285 CVE-2017-0927: Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deploy Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.
cvelistv5nvd
CVE-2017-0924MEDIUMCVSS 6.1v9.1.0 - 10.0.5 Fixed in 10.0.5v10.1.0 - 10.1.5 Fixed in 10.1.6+2 more2018-03-21
CVE-2017-0924 [MEDIUM] CWE-79 CVE-2017-0924: Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels comp Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.
cvelistv5nvd
CVE-2017-0917MEDIUMCVSS 6.1v9.1.0 - 10.1.5 Fixed in 10.1.6v10.2.0 - 10.2.5 Fixed in 10.2.6+1 more2018-03-21
CVE-2017-0917 [MEDIUM] CWE-79 CVE-2017-0917: Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job comp Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.
cvelistv5nvd
CVE-2017-0923MEDIUMCVSS 6.1v9.1.0 - 10.1.5 Fixed in 10.1.6v10.2.0 - 10.2.5 Fixed in 10.2.6+1 more2018-03-21
CVE-2017-0923 [MEDIUM] CWE-79 CVE-2017-0923: Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebo Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.
cvelistv5nvd