Vulnerabilities > Gitlab > Gitlab > 13.1.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-17 | CVE-2020-13351 | Incorrect Default Permissions vulnerability in Gitlab Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. | 5.0 |
2020-11-17 | CVE-2020-13350 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. | 4.3 |
2020-11-17 | CVE-2020-13354 | Resource Exhaustion vulnerability in Gitlab A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. | 4.0 |
2020-11-17 | CVE-2020-13352 | Unspecified vulnerability in Gitlab Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. | 5.0 |
2020-10-12 | CVE-2020-13341 | Incorrect Permission Assignment for Critical Resource vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. | 4.0 |
2020-10-08 | CVE-2020-13340 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log | 3.5 |
2020-10-08 | CVE-2020-13339 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. | 6.0 |
2020-10-08 | CVE-2020-13344 | Information Exposure vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. | 2.1 |
2020-10-07 | CVE-2020-13342 | Resource Exhaustion vulnerability in Gitlab An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email | 4.0 |
2020-10-07 | CVE-2020-13347 | Command Injection vulnerability in Gitlab A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. | 9.0 |