Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  Security Vulnerabilities
CVE-2018-16049
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.
CVSS Score
9.8
EPSS Score
0.001
Published
2018-10-03
CVE-2018-16050
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View.
CVSS Score
6.1
EPSS Score
0.001
Published
2018-10-03
CVE-2018-16051
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-10-03
CVE-2018-12605
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-08-03
CVE-2018-12606
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-08-03
CVE-2018-12607
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-08-03
CVE-2018-14601
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.
CVSS Score
7.5
EPSS Score
0.001
Published
2018-07-27
CVE-2018-14602
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames.
CVSS Score
7.5
EPSS Score
0.001
Published
2018-07-27
CVE-2018-14603
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.
CVSS Score
8.8
EPSS Score
0.0
Published
2018-07-27
CVE-2018-14604
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.
CVSS Score
6.1
EPSS Score
0.001
Published
2018-07-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved