Filtered by vendor Gitlab
Total: 981 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2020-13351 | 1 Gitlab | 1 Gitlab | 2020-11-27 | 6.5 Medium | Insufficient permission checks in the scheduled pipeline API in GitLab CE/EE 13.0+ allow an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9, >=13.4.0, <13.4.5, >=13.5.0, <13.5.2.
CVE-2020-13350 | 1 Gitlab | 1 Gitlab | 2020-11-27 | 4.3 Medium | CSRF in the runner administration page in all versions of GitLab CE/EE allows an attacker who is able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2, >=13.4.0, <13.4.5, <13.3.9.
CVE-2020-13348 | 1 Gitlab | 1 Gitlab | 2020-11-27 | 5.7 Medium | An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2.
CVE-2020-13327 | 1 Gitlab | 1 Runner | 2020-11-02 | 7.5 High | An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, and all versions starting from 13.2.0 before 13.2.10: Insecure Runner Configuration in Kubernetes Environments.
CVE-2020-13333 | 1 Gitlab | 1 Gitlab | 2020-10-29 | 4.3 Medium | A potential DoS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage.
CVE-2019-5487 | 1 Gitlab | 1 Gitlab | 2020-10-22 | 5.3 Medium | An improper access control vulnerability exists in GitLab EE <v12.3.3, <v12.2.7, and <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits.
CVE-2019-5470 | 1 Gitlab | 1 Gitlab | 2020-10-21 | 7.5 High | An information disclosure issue was discovered in GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information.
CVE-2019-5466 | 1 Gitlab | 1 Gitlab | 2020-10-20 | 4.3 Medium | An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed the new merge requests endpoint to disclose label names.
CVE-2019-5465 | 1 Gitlab | 1 Gitlab | 2020-10-20 | 4.3 Medium | An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature, which could result in disclosure of the newly created issue ID.
CVE-2019-5474 | 1 Gitlab | 1 Gitlab | 2020-10-19 | 6.5 Medium | An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions.
CVE-2020-13334 | 1 Gitlab | 1 Gitlab | 2020-10-15 | 7.5 High | In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of an issue via a GraphQL mutation query.
CVE-2020-13345 | 1 Gitlab | 1 Gitlab | 2020-10-15 | 5.4 Medium | An issue has been discovered in GitLab affecting all versions starting from 10.8: Reflected XSS on Multiple Routes.
CVE-2020-13343 | 1 Gitlab | 1 Gitlab | 2020-10-14 | 8.8 High | An issue has been discovered in GitLab affecting all versions starting from 11.2: Unauthorized Users Can View Custom Project Template.
CVE-2020-13340 | 1 Gitlab | 1 Gitlab | 2020-10-14 | 8.7 High | An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log.
CVE-2019-15591 | 1 Gitlab | 1 Gitlab | 2020-10-09 | 6.5 Medium | An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.
CVE-2019-15575 | 1 Gitlab | 1 Gitlab | 2020-10-09 | 7.5 High | A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope.
CVE-2019-15593 | 1 Gitlab | 1 Gitlab | 2020-10-09 | 6.5 Medium | GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.
CVE-2020-13339 | 1 Gitlab | 1 Gitlab | 2020-10-08 | 6.5 Medium | An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited because only the current user is affected.
CVE-2020-13337 | 1 Gitlab | 1 Gitlab | 2020-10-08 | 4.8 Medium | An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed a stored XSS payload to be added as a group name.
CVE-2020-13338 | 1 Gitlab | 1 Gitlab | 2020-10-08 | 5.4 Medium | An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8 and 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references.