Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2020-10-07 CVE-2020-13334 Incorrect Authorization vulnerability in Gitlab
In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query
network
low complexity
gitlab CWE-863
7.5
7.5
2020-10-06 CVE-2020-13343 Exposure of Resource to Wrong Sphere vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 11.2.
network
low complexity
gitlab CWE-668
8.8
8.8
2020-10-06 CVE-2020-13333 Resource Exhaustion vulnerability in Gitlab 13.1.0/13.2.0/13.3.0
A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3.
network
low complexity
gitlab CWE-400
4.3
4.3
2020-10-06 CVE-2020-13345 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 10.8.
network
low complexity
gitlab CWE-79
5.4
5.4
2020-10-02 CVE-2020-13338 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2.
network
low complexity
gitlab CWE-79
5.4
5.4
2020-10-02 CVE-2020-13337 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name.
network
low complexity
gitlab CWE-79
4.8
4.8
2020-09-30 CVE-2020-13336 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13.
network
low complexity
gitlab CWE-79
4.8
4.8
2020-09-30 CVE-2020-13331 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab affecting versions prior to 12.10.13.
network
low complexity
gitlab CWE-79
5.4
5.4
2020-09-30 CVE-2020-13330 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab affecting versions prior to 12.10.13.
network
low complexity
gitlab CWE-79
5.4
5.4
2020-09-30 CVE-2020-13329 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13.
network
low complexity
gitlab CWE-79
6.5
6.5