Vulnerabilities > Gitlab > Gitlab > 0.9.5

DATE CVE VULNERABILITY TITLE RISK
2020-09-14 CVE-2020-13304 Improper Authentication vulnerability in Gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
network
low complexity
gitlab CWE-287
6.5
6.5
2020-09-14 CVE-2020-13302 Insufficient Session Expiration vulnerability in Gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
network
low complexity
gitlab CWE-613
6.5
6.5
2020-09-14 CVE-2020-13301 Cross-site Scripting vulnerability in Gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
network
gitlab CWE-79
3.5
3.5
2020-09-14 CVE-2020-13298 Improper Input Validation vulnerability in Gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
network
low complexity
gitlab CWE-20
5.0
5.0
2020-09-14 CVE-2020-13297 Improper Authentication vulnerability in Gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
network
gitlab CWE-287
4.9
4.9
2020-08-13 CVE-2020-13280 Resource Exhaustion vulnerability in Gitlab
For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message.
network
low complexity
gitlab CWE-400
4.0
4.0
2020-06-19 CVE-2020-13276 Incorrect Authorization vulnerability in Gitlab
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1
network
low complexity
gitlab CWE-863
4.0
4.0
2020-06-19 CVE-2020-13274 Resource Exhaustion vulnerability in Gitlab
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1
network
low complexity
gitlab CWE-400
5.0
5.0
2020-06-15 CVE-2020-14155 Integer Overflow or Wraparound vulnerability in multiple products
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
network
low complexity
pcre apple gitlab oracle netapp splunk CWE-190
5.3
5.3
2020-06-10 CVE-2020-13271 Cross-site Scripting vulnerability in Gitlab
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1
network
gitlab CWE-79
4.3
4.3