U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:gitlab:gitlab:7.10.0:rc3:*:*:community:*:*:*
  • CPE Name Search: true
There are 205 matching records.
Displaying matches 201 through 205.
Vuln ID Summary CVSS Severity

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.

Published: July 03, 2018; 5:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.

Published: May 31, 2018; 5:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM

The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.

Published: March 24, 2018; 5:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH

GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.

Published: August 14, 2017; 5:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM

GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.

Published: May 04, 2017; 11:29:00 AM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM