Vulnerabilities > Gitlab
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-11 | CVE-2020-26411 | Improper Resource Shutdown OR Release vulnerability in Gitlab A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). | 4.0 |
| 2020-12-11 | CVE-2020-26417 | Information Exposure vulnerability in Gitlab Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. | 5.0 |
| 2020-12-11 | CVE-2020-26416 | Information Exposure vulnerability in Gitlab Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. | 2.1 |
| 2020-12-11 | CVE-2020-26415 | Information Exposure vulnerability in Gitlab Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. | 4.0 |
| 2020-12-11 | CVE-2020-26413 | Information Exposure vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. | 5.0 |
| 2020-12-11 | CVE-2020-26412 | Information Exposure vulnerability in Gitlab Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. | 4.0 |
| 2020-12-11 | CVE-2020-26408 | Information Exposure vulnerability in Gitlab A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's private profile | 5.0 |
| 2020-12-11 | CVE-2020-13357 | Authorization Bypass Through User-Controlled KEY vulnerability in Gitlab An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project. | 4.0 |
| 2020-12-11 | CVE-2020-26409 | Improper Input Validation vulnerability in Gitlab A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields. | 4.0 |
| 2020-12-10 | CVE-2020-26407 | Cross-Site Scripting vulnerability in Gitlab A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project | 3.5 |