Vulnerabilities in GitLab 13.1.1

Every entry below was fixed in GitLab 13.0.12, 13.1.6 and 13.2.3, so 13.1.1 is affected by all of them; on the 13.1 series the fix is 13.1.6 or later. Each entry lists the publication date, CVE id, title and risk score, followed by the description, the attack vector, the attack complexity where the source states it, the vendor and the CWE where one is assigned.

2020-08-13  CVE-2020-13286  Server-Side Request Forgery (SSRF) vulnerability in GitLab  Risk: 4.0
    For GitLab before 13.0.12, 13.1.6, 13.2.3, user-controlled git configuration settings can be modified to result in Server-Side Request Forgery.
    Attack vector: network. Attack complexity: low. Vendor: gitlab. CWE-918.

2020-08-13  CVE-2020-13281  Improper Input Validation vulnerability in GitLab  Risk: 4.0
    For GitLab before 13.0.12, 13.1.6, 13.2.3, a denial of service exists in the project import feature.
    Attack vector: network. Attack complexity: low. Vendor: gitlab. CWE-20.

2020-08-13  CVE-2020-13285  Cross-site Scripting vulnerability in GitLab  Risk: 5.4
    For GitLab before 13.0.12, 13.1.6, 13.2.3, a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip.
    Attack vector: network. Attack complexity: low. Vendor: gitlab. CWE-79.

2020-08-13  CVE-2020-13283  Cross-site Scripting vulnerability in GitLab  Risk: 3.5
    For GitLab before 13.0.12, 13.1.6, 13.2.3, a cross-site scripting vulnerability exists in the issues list via the milestone title.
    Attack vector: network. Vendor: gitlab. CWE-79.

2020-08-13  CVE-2020-13282  Improper Preservation of Permissions vulnerability in GitLab  Risk: 4.9
    For GitLab before 13.0.12, 13.1.6, 13.2.3, after a group transfer occurs, members of the former parent group keep their access level on the transferred subgroup, leading to improper access.
    Attack vector: network. Vendor: gitlab. CWE-281.

2020-08-13  CVE-2020-13280  Resource Exhaustion vulnerability in GitLab  Risk: 4.0
    For GitLab before 13.0.12, 13.1.6, 13.2.3, a memory exhaustion flaw exists due to excessive logging of an invite email error message.
    Attack vector: network. Attack complexity: low. Vendor: gitlab. CWE-400.

2020-08-12  CVE-2020-13290  Improper Authentication vulnerability in GitLab  Risk: 6.5
    In GitLab before 13.0.12, 13.1.6 and 13.2.3, improper access control was used on the Applications page.
    Attack vector: network. Attack complexity: low. Vendor: gitlab. CWE-287.

2020-08-12  CVE-2020-13288  Cross-site Scripting vulnerability in GitLab  Risk: 3.5
    In GitLab before 13.0.12, 13.1.6 and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page.
    Attack vector: network. Vendor: gitlab. CWE-79.

2020-08-10  CVE-2020-13294  Unspecified vulnerability in GitLab  Risk: 5.4
    In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.
    Attack vector: network. Attack complexity: low. Vendor: gitlab. CWE: none listed.

2020-08-10  CVE-2020-13293  Incorrect Type Conversion or Cast vulnerability in GitLab  Risk: 5.5
    In GitLab before 13.0.12, 13.1.6 and 13.2.3, a branch whose name is a hexadecimal string could override (shadow) an existing commit hash when a revision is resolved.
    Attack vector: network. Attack complexity: low. Vendor: gitlab. CWE-704.
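A practitioner's first question on a page like this is whether a given installation falls inside the "before 13.0.12, 13.1.6, 13.2.3" window that every entry above shares. The check below is an added example, not code from the page or from GitLab: it encodes exactly those three fix versions, treats anything older than the whole batch (for example a 12.x release) as affected because the advisories say "before 13.0.12", and, as a labelled assumption that the page does not state, treats series newer than 13.2 as outside the window.

```python
from typing import Tuple

# Fix versions stated by every advisory on this page, keyed by (major, minor) series.
FIXED = {
    (13, 0): (13, 0, 12),
    (13, 1): (13, 1, 6),
    (13, 2): (13, 2, 3),
}
OLDEST_FIX = min(FIXED.values())   # (13, 0, 12): everything older is "before 13.0.12"


def parse_version(v: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch', tolerating a '-ee' / '-ce' edition suffix."""
    parts = v.strip().split("-")[0].split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a major.minor.patch version: {v!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_affected(v: str) -> bool:
    """True if the version is inside the window covered by the CVEs on this page."""
    ver = parse_version(v)
    series = ver[:2]
    if series in FIXED:
        # On a patched series, only releases older than the fix are vulnerable.
        return ver < FIXED[series]
    if ver < OLDEST_FIX:
        # Any series older than 13.0 (e.g. 12.x) is "before 13.0.12".
        return True
    # Assumption not stated on the page: series newer than 13.2 shipped after
    # the fixes and are treated as not affected by this batch.
    return False


if __name__ == "__main__":
    for v in ("13.1.1", "13.1.1-ee", "13.1.6", "13.0.11", "12.10.14", "13.3.0"):
        print(f"{v:12s} affected={is_affected(v)}")
```

The version string can be read from an authenticated `GET /api/v4/version` call or from the instance's admin area; feed it to `is_affected` and a `True` means every CVE in the table applies.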
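The last entry, CVE-2020-13293, is the one whose mechanism is easiest to misread from a single sentence: a branch name that is itself a valid hexadecimal string can be mistaken for an object id, so resolving what looks like a commit hash returns the branch tip instead. The model below is an added, self-contained illustration of that bug class and not GitLab's code; the repository, the `fake_sha` ids and the two resolver policies are constructed for the example. The unsafe resolver consults the branch table before the object table, so an attacker who can create a branch named after a trusted commit's hash redirects every lookup of that hash. The hardened resolver gives a full-length hex id that names an existing commit priority, reaches branches by their explicit `refs/heads/` name, and refuses to silently resolve a hex-looking name as a branch.

```python
import hashlib
import re
from typing import Dict, Tuple

HEX40 = re.compile(r"^[0-9a-f]{40}$")


def fake_sha(content: str) -> str:
    """Constructed commit id for the example; not real git object hashing."""
    return hashlib.sha1(content.encode()).hexdigest()


class Repo:
    """Toy repository: commits keyed by id, branches keyed by name."""

    def __init__(self) -> None:
        self.commits: Dict[str, str] = {}   # sha -> message
        self.branches: Dict[str, str] = {}  # name -> sha of the branch tip

    def commit(self, message: str) -> str:
        sha = fake_sha(message)
        self.commits[sha] = message
        return sha

    def create_branch(self, name: str, sha: str) -> None:
        self.branches[name] = sha


def resolve_unsafe(repo: Repo, rev: str) -> str:
    """Vulnerable policy: branch names shadow object ids, so a branch named
    with a 40-hex string hijacks lookups of the commit that has that id."""
    if rev in repo.branches:
        return repo.branches[rev]
    if rev in repo.commits:
        return rev
    raise KeyError(rev)


def resolve_safe(repo: Repo, rev: str) -> str:
    """Hardened policy: a full object id that exists is always the object;
    branches are addressed explicitly or by non-hex names; ambiguity is an error."""
    if HEX40.match(rev) and rev in repo.commits:
        return rev
    if rev.startswith("refs/heads/"):
        return repo.branches[rev[len("refs/heads/"):]]
    if rev in repo.branches:
        if HEX40.match(rev):
            raise ValueError(f"ambiguous revision {rev}: looks like an object id")
        return repo.branches[rev]
    raise KeyError(rev)


def is_ambiguous(repo: Repo, rev: str) -> bool:
    """True if the hardened resolver refuses the revision as ambiguous."""
    try:
        resolve_safe(repo, rev)
    except ValueError:
        return True
    except KeyError:
        return False
    return False


def build_demo_repo() -> Tuple[Repo, str, str]:
    """Constructed scenario: a trusted release commit and an attacker branch
    whose name is exactly that commit's id, pointing at a different commit."""
    repo = Repo()
    good = repo.commit("release v1")
    evil = repo.commit("attacker payload")
    repo.create_branch("main", good)
    repo.create_branch(good, evil)          # branch name == trusted commit id
    return repo, good, evil


if __name__ == "__main__":
    repo, good, evil = build_demo_repo()
    print("unsafe resolves trusted id to:", resolve_unsafe(repo, good) == evil and "ATTACKER COMMIT")
    print("safe   resolves trusted id to:", resolve_safe(repo, good) == good and "trusted commit")
    print("attacker branch still reachable explicitly:",
          resolve_safe(repo, "refs/heads/" + good) == evil)
```

The practical takeaway for any service that accepts a user-supplied revision is to decide the namespace before the lookup: treat a 40-hex string as an object id, address refs by their full `refs/heads/` or `refs/tags/` name, and fail closed when both readings are possible.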