Vulnerabilities > Gitlab
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-17 | CVE-2020-13351 | Incorrect Default Permissions vulnerability in Gitlab. Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. | 6.5 |
2020-11-17 | CVE-2020-13350 | Cross-Site Request Forgery (CSRF) vulnerability in Gitlab. CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. | 4.3 |
2020-11-17 | CVE-2020-26406 | Unspecified vulnerability in Gitlab. Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. | 5.3 |
2020-11-17 | CVE-2020-13358 | Unspecified vulnerability in Gitlab. A vulnerability in the internal Kubernetes agent API in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. | 5.5 |
2020-11-17 | CVE-2020-13354 | Resource Exhaustion vulnerability in Gitlab. A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 12.6. | 4.3 |
2020-11-17 | CVE-2020-13353 | Insufficient Session Expiration vulnerability in Gitlab Gitaly. When importing repos via URL, one-time-use Git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. | 3.2 |
2020-11-17 | CVE-2020-13352 | Unspecified vulnerability in Gitlab. Private group info is leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. | 5.3 |
2020-10-22 | CVE-2020-13327 | Unspecified vulnerability in Gitlab Runner. An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. | 7.5 |
2020-10-12 | CVE-2020-13341 | Type Confusion vulnerability in Gitlab. An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. | 4.9 |
2020-10-08 | CVE-2020-13340 | Cross-site Scripting vulnerability in Gitlab. An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log. | 8.7 |