Vulnerabilities > Gitlab > Gitlab > 12.9.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-17 | CVE-2020-13354 | Resource Exhaustion vulnerability in Gitlab A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. | 4.0 |
| 2020-11-17 | CVE-2020-13352 | Unspecified vulnerability in Gitlab Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. | 5.0 |
| 2020-10-08 | CVE-2020-13340 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log | 3.5 |
| 2020-10-08 | CVE-2020-13339 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. | 6.0 |
| 2020-10-08 | CVE-2020-13344 | Information Exposure vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. | 2.1 |
| 2020-10-07 | CVE-2020-13342 | Resource Exhaustion vulnerability in Gitlab An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email | 4.0 |
| 2020-10-07 | CVE-2020-13347 | Command Injection vulnerability in Gitlab A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. | 9.0 |
| 2020-10-07 | CVE-2020-13346 | Information Exposure vulnerability in Gitlab Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. | 4.0 |
| 2020-10-07 | CVE-2020-13335 | Improper Authentication vulnerability in Gitlab Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group. | 4.0 |
| 2020-10-07 | CVE-2020-13334 | Incorrect Authorization vulnerability in Gitlab In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query | 5.0 |