Vulnerabilities > Gitlab > Gitlab > 13.1.4
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-10-07 | CVE-2020-13346 | Information Exposure vulnerability in Gitlab | Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. | 4.0 |
2020-10-07 | CVE-2020-13335 | Improper Authentication vulnerability in Gitlab | Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group. | 4.0 |
2020-10-07 | CVE-2020-13334 | Incorrect Authorization vulnerability in Gitlab | In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query. | 5.0 |
2020-10-06 | CVE-2020-13343 | Exposure of Resource to Wrong Sphere vulnerability in Gitlab | An issue has been discovered in GitLab affecting all versions starting from 11.2. | 4.0 |
2020-10-06 | CVE-2020-13345 | Cross-site Scripting vulnerability in Gitlab | An issue has been discovered in GitLab affecting all versions starting from 10.8. | 3.5 |
2020-09-30 | CVE-2020-13296 | Missing Authorization vulnerability in Gitlab | An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. | 7.5 |
2020-09-15 | CVE-2020-13308 | Improper Preservation of Permissions vulnerability in Gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | 4.0 |
2020-09-15 | CVE-2020-13307 | Insufficient Session Expiration vulnerability in Gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | 6.0 |
2020-09-15 | CVE-2020-13303 | Incorrect Authorization vulnerability in Gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | 4.0 |
2020-09-14 | CVE-2020-13315 | Unspecified vulnerability in Gitlab | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | 5.0 |