Vulnerabilities > Gitlab > Gitlab > 12.9.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-12 | CVE-2020-13290 | Improper Authentication vulnerability in Gitlab In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page | 6.5 |
2020-08-10 | CVE-2020-13294 | Unspecified vulnerability in Gitlab In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. | 5.4 |
2020-08-10 | CVE-2020-13293 | Incorrect Type Conversion or Cast vulnerability in Gitlab In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. | 5.5 |
2020-08-10 | CVE-2020-13292 | Improper Authentication vulnerability in Gitlab In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. | 5.5 |
2020-07-07 | CVE-2020-15525 | Improper Privilege Management vulnerability in Gitlab GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. | 5.0 |
2020-06-19 | CVE-2020-13277 | Incorrect Authorization vulnerability in Gitlab An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 | 4.0 |
2020-06-15 | CVE-2020-14155 | Integer Overflow or Wraparound vulnerability in multiple products libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | 5.3 |
2020-06-10 | CVE-2020-13267 | Cross-site Scripting vulnerability in Gitlab A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1 | 4.3 |
2020-06-09 | CVE-2020-13266 | Missing Authorization vulnerability in Gitlab Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions | 4.0 |