Total
213 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13343 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template | |||||
CVE-2020-13355 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
CVE-2020-13321 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 8.3 HIGH |
A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be added. | |||||
CVE-2021-22189 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues. | |||||
CVE-2020-13340 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 8.7 HIGH |
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log | |||||
CVE-2020-13306 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation. | |||||
CVE-2020-13263 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | |||||
CVE-2020-10976 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget. | |||||
CVE-2020-10089 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother, | |||||
CVE-2020-13304 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Same 2 factor Authentication secret code was generated which resulted an attacker to maintain access under certain conditions. | |||||
CVE-2020-13290 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page | |||||
CVE-2020-13272 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow | |||||
CVE-2020-13275 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | |||||
CVE-2020-13273 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 | |||||
CVE-2020-11506 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling. | |||||
CVE-2020-13302 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password. | |||||
CVE-2020-11505 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling. | |||||
CVE-2020-13293 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.5 MEDIUM | 7.1 HIGH |
In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. | |||||
CVE-2020-13299 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session. | |||||
CVE-2020-10088 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level. |