CVE-2018-18649 | Critical | Yes | Arbitrary code execution | A security issue has been found in GitLab versions prior to 11.4.3, where the wiki API contained an input validation issue which resulted in remote code execution. |
CVE-2018-18648 | Low | Yes | Information disclosure | A security issue has been found in GitLab versions prior to 11.4.3, where a JSON endpoint was disclosing Gem version information which could result in an... |
CVE-2018-18646 | Medium | Yes | Cross-site request forgery | A security issue has been found in GitLab versions prior to 11.4.3, where the HipChat integration was vulnerable to an SSRF issue which allowed an attacker... |
CVE-2018-18645 | Low | Yes | Information disclosure | A security issue has been found in GitLab versions prior to 11.4.3, where when replying to an issue through email, with the GitLab email footer included, a... |
CVE-2018-18643 | Medium | Yes | Cross-site scripting | A security issue has been found in GitLab versions prior to 11.4.3, where the fragment identifier (hash) of several pages contained a lack of input... |
CVE-2018-18641 | Low | Yes | Information disclosure | A security issue has been found in GitLab versions prior to 11.4.3, where personal access tokens were being stored unencrypted as plain text in the database... |
CVE-2018-18640 | Medium | No | Information disclosure | A security issue has been found in GitLab versions prior to 11.4.3, where private project pages had inadequate cache control, which resulted in unauthorized... |