Vulnerabilities > Gitlab
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-19 | CVE-2020-13355 | Path Traversal vulnerability in Gitlab: An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. | 8.1 |
2020-11-17 | CVE-2020-26405 | Path Traversal vulnerability in Gitlab: Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. | 7.1 |
2020-11-17 | CVE-2020-13349 | Resource Exhaustion vulnerability in Gitlab: An issue has been discovered in GitLab EE affecting all versions starting from 8.12. | 4.3 |
2020-11-17 | CVE-2020-13348 | Unspecified vulnerability in Gitlab: An issue has been discovered in GitLab EE affecting all versions starting from 10.2. | 5.7 |
2020-11-17 | CVE-2020-13351 | Incorrect Default Permissions vulnerability in Gitlab: Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. | 6.5 |
2020-11-17 | CVE-2020-13350 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab: CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. | 4.3 |
2020-11-17 | CVE-2020-26406 | Unspecified vulnerability in Gitlab: Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. | 5.3 |
2020-11-17 | CVE-2020-13358 | Unspecified vulnerability in Gitlab: A vulnerability in the internal Kubernetes agent API in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. | 5.5 |
2020-11-17 | CVE-2020-13354 | Resource Exhaustion vulnerability in Gitlab: A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 12.6. | 4.3 |
2020-11-17 | CVE-2020-13353 | Insufficient Session Expiration vulnerability in Gitlab Gitaly: When importing repos via URL, one-time-use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. | 3.2 |