Vulnerabilities > Gitlab > Gitlab > 13.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-19 | CVE-2020-13275 | Incorrect Authorization vulnerability in Gitlab A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | 5.5 |
| 2020-06-19 | CVE-2020-13274 | Resource Exhaustion vulnerability in Gitlab A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1 | 5.0 |
| 2020-06-19 | CVE-2020-13272 | Incorrect Authorization vulnerability in Gitlab OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow | 6.5 |
| 2020-06-19 | CVE-2020-13265 | Insufficient Verification of Data Authenticity vulnerability in Gitlab User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification | 5.0 |
| 2020-06-19 | CVE-2020-13262 | Cross-site Scripting vulnerability in Gitlab Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link | 4.3 |
| 2020-06-19 | CVE-2020-13277 | Incorrect Authorization vulnerability in Gitlab An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 | 4.0 |
| 2020-06-15 | CVE-2020-14155 | Integer Overflow or Wraparound vulnerability in multiple products libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | 5.3 |
| 2020-06-10 | CVE-2020-13271 | Cross-site Scripting vulnerability in Gitlab A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1 | 4.3 |
| 2020-06-10 | CVE-2020-13270 | Missing Authorization vulnerability in Gitlab Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API | 6.5 |
| 2020-06-10 | CVE-2020-13269 | Cross-site Scripting vulnerability in Gitlab A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1 | 4.3 |