An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-04-11
GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-04-04
GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-03-28
GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-03-26
An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-03-25
Page 50