Total
968 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26412 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. | |||||
| CVE-2020-13326 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 4.3 MEDIUM |
| A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for Github project import could be bypassed. | |||||
| CVE-2020-13330 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in import the Bitbucket project feature. | |||||
| CVE-2020-13323 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 7.7 HIGH |
| A vulnerability was discovered in GitLab versions prior 13.1. Under certain conditions private merge requests could be read via Todos | |||||
| CVE-2020-13339 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted. | |||||
| CVE-2020-13329 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 6.5 MEDIUM |
| An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the blob view feature. | |||||
| CVE-2021-22178 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 5.0 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration. | |||||
| CVE-2020-13350 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9. | |||||
| CVE-2020-13331 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the Wiki pasges. | |||||
| CVE-2020-13328 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API. | |||||
| CVE-2020-13336 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS by in the error tracking feature. | |||||
| CVE-2020-13319 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue. | |||||
| CVE-2021-22193 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 3.5 LOW |
| An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project. | |||||
| CVE-2021-22188 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs. | |||||
| CVE-2021-22186 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners | |||||
| CVE-2020-13296 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 7.5 HIGH | 8.8 HIGH |
| An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens | |||||
| CVE-2020-26413 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible. | |||||
| CVE-2020-26414 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string. | |||||
| CVE-2021-22192 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. | |||||
| CVE-2020-13324 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 6.5 MEDIUM |
| A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API. | |||||