Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  >> 1.0.0  Security Vulnerabilities
CVE-2019-10108
An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-05-15
CVE-2019-10109
An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present).
CVSS Score
5.3
EPSS Score
0.002
Published
2019-05-15
CVE-2019-10110
An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on any GitLab instance on which they hold credentials.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-05-15
CVE-2019-10111
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page.
CVSS Score
5.4
EPSS Score
0.001
Published
2019-05-15
CVE-2019-10640
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-05-15
CVE-2019-11000
An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure.
CVSS Score
6.5
EPSS Score
0.006
Published
2019-05-10
CVE-2018-18643
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-04-25
CVE-2019-9217
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information.
CVSS Score
9.8
EPSS Score
0.001
Published
2019-04-17
CVE-2019-9219
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5).
CVSS Score
3.7
EPSS Score
0.002
Published
2019-04-17
CVE-2019-9220
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-04-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved