Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2020-11-17 CVE-2020-13352 Unspecified vulnerability in Gitlab
Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group.
network
low complexity
gitlab
5.3
5.3
2020-10-22 CVE-2020-13327 Unspecified vulnerability in Gitlab Runner
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10.
network
high complexity
gitlab
7.5
7.5
2020-10-12 CVE-2020-13341 Type Confusion vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2.
network
low complexity
gitlab CWE-843
4.9
4.9
2020-10-08 CVE-2020-13340 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log
network
low complexity
gitlab CWE-79
8.7
8.7
2020-10-08 CVE-2020-13339 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview.
network
low complexity
gitlab CWE-79
6.5
6.5
2020-10-08 CVE-2020-13344 Insufficiently Protected Credentials vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2.
local
low complexity
gitlab CWE-522
4.4
4.4
2020-10-07 CVE-2020-13342 Allocation of Resources Without Limits or Throttling vulnerability in Gitlab
An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email
network
low complexity
gitlab CWE-770
2.7
2.7
2020-10-07 CVE-2020-13347 Path Traversal vulnerability in Gitlab
A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1.
network
low complexity
gitlab CWE-22
critical
 9.1
9.1
2020-10-07 CVE-2020-13346 Incomplete Cleanup vulnerability in Gitlab
Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.
network
low complexity
gitlab CWE-459
6.5
6.5
2020-10-07 CVE-2020-13335 Incorrect Authorization vulnerability in Gitlab
Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group.
network
low complexity
gitlab CWE-863
4.3
4.3