Total
968 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9485 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. | |||||
| CVE-2019-6790 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge requests. | |||||
| CVE-2019-9217 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information. | |||||
| CVE-2018-20500 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token. | |||||
| CVE-2019-6786 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are known. | |||||
| CVE-2020-13282 | 1 Gitlab | 1 Gitlab | 2020-08-19 | 4.9 MEDIUM | 3.5 LOW |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. | |||||
| CVE-2020-13280 | 1 Gitlab | 1 Gitlab | 2020-08-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. | |||||
| CVE-2020-13291 | 1 Gitlab | 1 Gitlab | 2020-08-17 | 5.5 MEDIUM | 8.1 HIGH |
| In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. | |||||
| CVE-2020-13283 | 1 Gitlab | 1 Gitlab | 2020-08-14 | 3.5 LOW | 5.4 MEDIUM |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title. | |||||
| CVE-2020-13286 | 1 Gitlab | 1 Gitlab | 2020-08-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery. | |||||
| CVE-2020-13288 | 1 Gitlab | 1 Gitlab | 2020-08-14 | 3.5 LOW | 4.8 MEDIUM |
| In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page | |||||
| CVE-2020-13292 | 1 Gitlab | 1 Gitlab | 2020-08-11 | 5.5 MEDIUM | 9.6 CRITICAL |
| In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. | |||||
| CVE-2020-13263 | 1 Gitlab | 1 Gitlab | 2020-07-01 | 6.5 MEDIUM | 8.8 HIGH |
| An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | |||||
| CVE-2020-13277 | 1 Gitlab | 1 Gitlab | 2020-06-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 | |||||
| CVE-2020-13264 | 1 Gitlab | 1 Gitlab | 2020-06-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token | |||||
| CVE-2020-13265 | 1 Gitlab | 1 Gitlab | 2020-06-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification | |||||
| CVE-2020-13271 | 1 Gitlab | 1 Gitlab | 2020-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1 | |||||
| CVE-2020-13269 | 1 Gitlab | 1 Gitlab | 2020-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1 | |||||
| CVE-2020-13267 | 1 Gitlab | 1 Gitlab | 2020-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1 | |||||
| CVE-2020-13266 | 1 Gitlab | 1 Gitlab | 2020-06-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions | |||||