Vulnerabilities > Gitlab > Gitlab > 13.4.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-17 | CVE-2020-13351 | Incorrect Default Permissions vulnerability in Gitlab Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. | 5.0 |
2020-11-17 | CVE-2020-13350 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. | 4.3 |
2020-11-17 | CVE-2020-26406 | Unspecified vulnerability in Gitlab Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. | 5.0 |
2020-11-17 | CVE-2020-13358 | Incorrect Authorization vulnerability in Gitlab A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. | 2.1 |
2020-11-17 | CVE-2020-13352 | Unspecified vulnerability in Gitlab Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. | 5.0 |
2020-10-06 | CVE-2020-13343 | Exposure of Resource to Wrong Sphere vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 11.2. | 4.0 |