Vulnerabilities > Gitlab > Gitlab > 12.10.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-11 | CVE-2020-26415 | Information Exposure vulnerability in Gitlab Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. | 4.0 |
| 2020-12-11 | CVE-2020-26408 | Information Exposure vulnerability in Gitlab A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's private profile | 5.0 |
| 2020-12-11 | CVE-2020-26409 | Improper Input Validation vulnerability in Gitlab A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields. | 4.0 |
| 2020-11-19 | CVE-2020-13359 | Information Exposure vulnerability in Gitlab The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. | 5.5 |
| 2020-11-17 | CVE-2020-13349 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 8.12. | 4.0 |
| 2020-10-08 | CVE-2020-13344 | Information Exposure vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. | 2.1 |
| 2020-10-07 | CVE-2020-13342 | Resource Exhaustion vulnerability in Gitlab An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email | 4.0 |
| 2020-10-07 | CVE-2020-13347 | Command Injection vulnerability in Gitlab A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. | 9.0 |
| 2020-10-07 | CVE-2020-13346 | Information Exposure vulnerability in Gitlab Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. | 4.0 |
| 2020-10-07 | CVE-2020-13335 | Improper Authentication vulnerability in Gitlab Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group. | 4.0 |