Filtered by vendor Gitlab
Subscribe
Total
981 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13359 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.5 MEDIUM | 7.6 HIGH |
The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
CVE-2020-13341 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions. | |||||
CVE-2021-22167 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository | |||||
CVE-2020-13335 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group. | |||||
CVE-2020-13351 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 6.5 MEDIUM |
Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2. | |||||
CVE-2020-26407 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project | |||||
CVE-2021-22182 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request. | |||||
CVE-2020-13345 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on Multiple Routes | |||||
CVE-2020-26412 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. | |||||
CVE-2020-13326 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 4.3 MEDIUM |
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for Github project import could be bypassed. | |||||
CVE-2020-13330 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in import the Bitbucket project feature. | |||||
CVE-2020-13323 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 7.7 HIGH |
A vulnerability was discovered in GitLab versions prior 13.1. Under certain conditions private merge requests could be read via Todos | |||||
CVE-2020-13339 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.0 MEDIUM | 6.5 MEDIUM |
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted. | |||||
CVE-2020-13329 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 6.5 MEDIUM |
An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the blob view feature. | |||||
CVE-2021-22178 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 5.0 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration. | |||||
CVE-2020-13350 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9. | |||||
CVE-2020-13331 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the Wiki pasges. | |||||
CVE-2020-13328 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API. | |||||
CVE-2020-13336 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS by in the error tracking feature. | |||||
CVE-2020-13319 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue. |