| CVE | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-18843 | AVG-802 | High | Yes | Cross-site request forgery | The GitLab Kubernetes integration was vulnerable to an SSRF issue which could allow an attacker to make requests to access any internal URLs. |
| CVE-2018-18649 | AVG-794 | Critical | Yes | Arbitrary code execution | A security issue has been found in GitLab versions prior to 11.4.3, where the wiki API contained an input validation issue which resulted in remote code execution. |
| CVE-2018-18648 | AVG-794 | Low | Yes | Information disclosure | A security issue has been found in GitLab versions prior to 11.4.3, where a JSON endpoint was disclosing Gem version information which could result in an... |
| CVE-2018-18647 | AVG-802 | Medium | Yes | Access restriction bypass | A security issue has been found in GitLab versions prior to 11.4.3, where the protected_branches API was vulnerable to an issue which allowed an... |
| CVE-2018-18646 | AVG-794 | Medium | Yes | Cross-site request forgery | A security issue has been found in GitLab versions prior to 11.4.3, where the Hipchat integration was vulnerable to an SSRF issue which allowed an attacker... |
| CVE-2018-18645 | AVG-794 | Low | Yes | Information disclosure | A security issue has been found in GitLab versions prior to 11.4.3, where when replying to an issue through email, with the GitLab email footer included, a... |
| CVE-2018-18644 | AVG-802 | Medium | Yes | Information disclosure | A security issue has been found in GitLab versions prior to 11.4.3, where the Prometheus integration was vulnerable to an indirect object reference issue... |
| CVE-2018-18643 | AVG-794 | Medium | Yes | Cross-site scripting | A security issue has been found in GitLab versions prior to 11.4.3, where the fragment identifier (hash) of several pages contained a lack of input... |
| CVE-2018-18642 | AVG-802 | Medium | Yes | Cross-site scripting | A security issue has been found in GitLab versions prior to 11.4.3, where the license management and security reports pages contained a lack of input... |
| CVE-2018-18641 | AVG-794 | Low | Yes | Information disclosure | A security issue has been found in GitLab versions prior to 11.4.3, where personal access tokens were being stored unencrypted as plain text in the database... |
| CVE-2018-18640 | AVG-794 | Medium | No | Information disclosure | A security issue has been found in GitLab versions prior to 11.4.3, where private project pages had inadequate cache control, which resulted in unauthorized... |
| CVE-2018-12607 | AVG-726 | Medium | Yes | Cross-site scripting | The charts feature contained a persistent XSS issue due to a lack of output encoding. |
| CVE-2018-12606 | AVG-726 | Medium | Yes | Cross-site scripting | The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature. |
| CVE-2018-3740 | AVG-726 | Medium | Yes | Insufficient validation | A specially crafted HTML fragment can cause the Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. |