Vulnerabilities > Gitlab > Gitlab > 12.8.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-19 | CVE-2020-13277 | Incorrect Authorization vulnerability in Gitlab An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 | 4.0 |
| 2020-06-15 | CVE-2020-14155 | Integer Overflow or Wraparound vulnerability in multiple products libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | 5.3 |
| 2020-06-10 | CVE-2020-13271 | Cross-site Scripting vulnerability in Gitlab A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1 | 4.3 |
| 2020-06-10 | CVE-2020-13270 | Missing Authorization vulnerability in Gitlab Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API | 6.5 |
| 2020-06-10 | CVE-2020-13267 | Cross-site Scripting vulnerability in Gitlab A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1 | 4.3 |
| 2020-06-09 | CVE-2020-13266 | Missing Authorization vulnerability in Gitlab Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions | 4.0 |
| 2020-04-08 | CVE-2020-10981 | Improper Input Validation vulnerability in Gitlab GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project. | 4.0 |
| 2020-04-08 | CVE-2020-10980 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. | 7.5 |
| 2020-04-08 | CVE-2020-10979 | Information Exposure vulnerability in Gitlab GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users. | 4.0 |
| 2020-04-08 | CVE-2020-10978 | Information Exposure vulnerability in Gitlab GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API. | 5.0 |