GitLab 11.3.0 Community Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:11.3.0:*:*:*:community:*:*:*
part: a version: 11.3.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | community |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.109061 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-17537 |
vulnerable | 2026-06-03 14:38:21.876466 |
Details available
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. .
Published: 2023-04-15T00:00:00.000Z
Updated: 2025-02-06T16:28:21.295Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17536 |
vulnerable | 2026-06-03 14:38:21.876072 |
Details available
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import.
Published: 2023-04-15T00:00:00.000Z
Updated: 2025-02-06T20:16:24.791Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17455 |
vulnerable | 2026-06-03 14:38:21.814143 |
Details available
An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature.
Published: 2023-04-15T00:00:00.000Z
Updated: 2025-02-06T20:18:51.858Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17454 |
vulnerable | 2026-06-03 14:38:21.813763 |
Details available
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen.
Published: 2023-04-15T00:00:00.000Z
Updated: 2025-02-06T20:24:19.188Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17453 |
vulnerable | 2026-06-03 14:38:21.813387 |
Details available
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.
Published: 2023-04-15T00:00:00.000Z
Updated: 2025-02-06T20:25:19.679Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17452 |
vulnerable | 2026-06-03 14:38:21.813014 |
Details available
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb.
Published: 2023-04-15T00:00:00.000Z
Updated: 2025-02-06T20:29:19.022Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17451 |
vulnerable | 2026-06-03 14:38:21.812614 |
Details available
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands.
Published: 2023-04-15T00:00:00.000Z
Updated: 2025-02-06T20:36:43.218Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17450 |
vulnerable | 2026-06-03 14:38:21.812202 |
Details available
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token.
Published: 2023-04-15T00:00:00.000Z
Updated: 2025-02-06T20:38:05.411Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17449 |
vulnerable | 2026-06-03 14:38:21.811116 |
Details available
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference.
Published: 2023-04-15T00:00:00.000Z
Updated: 2025-02-07T16:46:22.155Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-15472 |
vulnerable | 2026-06-03 14:38:13.510560 |
Details available
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout.
Published: 2023-04-15T00:00:00.000Z
Updated: 2025-02-10T15:09:21.872Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.