Vulnerabilities > Gitlab > Gitlab > 13.0.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-07 | CVE-2020-13342 | Resource Exhaustion vulnerability in Gitlab An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email | 4.0 |
| 2020-10-07 | CVE-2020-13347 | Command Injection vulnerability in Gitlab A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. | 9.0 |
| 2020-10-07 | CVE-2020-13346 | Information Exposure vulnerability in Gitlab Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. | 4.0 |
| 2020-10-07 | CVE-2020-13335 | Improper Authentication vulnerability in Gitlab Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group. | 4.0 |
| 2020-09-14 | CVE-2020-13304 | Improper Authentication vulnerability in Gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | 6.5 |
| 2020-09-14 | CVE-2020-13298 | Improper Input Validation vulnerability in Gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | 5.0 |
| 2020-09-14 | CVE-2020-13297 | Improper Authentication vulnerability in Gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | 4.9 |
| 2020-09-14 | CVE-2020-13318 | Incorrect Authorization vulnerability in Gitlab A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. | 4.9 |
| 2020-08-13 | CVE-2020-13281 | Improper Input Validation vulnerability in Gitlab For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature | 4.0 |
| 2020-08-13 | CVE-2020-13285 | Cross-site Scripting vulnerability in Gitlab For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip. | 5.4 |