Filtered by vendor Gitlab
Total: 981 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-13318 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 7.3 High |
A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLab's EKS integration was vulnerable to a cross-account assume role attack. | ||||
CVE-2020-13320 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 6.5 Medium |
An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard. | ||||
CVE-2020-13323 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 7.7 High |
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions, private merge requests could be read via Todos. | ||||
CVE-2020-13335 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 Medium |
Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete their own account without deleting/transferring their group. | ||||
CVE-2020-13341 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.9 Medium |
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. An insufficient permission check allows an attacker with the developer role to perform various deletions. | ||||
CVE-2020-13342 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 2.7 Low |
An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: lack of rate limiting when re-sending the confirmation email. | ||||
CVE-2020-13344 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.4 Medium |
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Session keys are stored in plain text in Redis, which allows an attacker with Redis access to authenticate as any user that has a session stored in Redis. | ||||
CVE-2020-13346 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 6.5 Medium |
Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. | ||||
CVE-2020-13347 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 9.1 Critical |
A command injection vulnerability was discovered in GitLab Runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, an attacker can run arbitrary commands on the Windows host via the DOCKER_AUTH_CONFIG build variable. | ||||
CVE-2020-13349 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 Medium |
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path left the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2. | ||||
CVE-2020-13358 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.5 Medium |
A vulnerability in the internal Kubernetes agent API in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5, >=13.3, <13.3.9, >=13.5, <13.5.2. | ||||
CVE-2020-13359 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 7.6 High |
The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation, allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2. | ||||
CVE-2020-10978 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.3 Medium |
GitLab EE/CE 8.11 to 12.9 leaks information on Issues opened in a public project and then moved to a private project through the Web UI and GraphQL API. | ||||
CVE-2020-15525 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.3 Medium |
GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. | ||||
CVE-2020-26408 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.3 Medium |
A limited information disclosure vulnerability exists in GitLab CE/EE from >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in a user's private profile. | ||||
CVE-2020-26409 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 6.5 Medium |
A DoS vulnerability exists in GitLab CE/EE >=10.3, <13.4.7, >=13.5, <13.5.5, >=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields. | ||||
CVE-2020-26412 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 Medium |
Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. | ||||
CVE-2020-26415 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 Medium |
Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2. | ||||
CVE-2020-26416 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.4 Medium |
Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2. | ||||
CVE-2020-5197 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.3 Medium |
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control. |