Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2020-09-14 CVE-2020-13300 Incorrect Authorization vulnerability in Gitlab 13.3.0/13.3.1/13.3.2
GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.
network
low complexity
gitlab CWE-863
critical
 10.0
10
2020-09-14 CVE-2020-13299 Insufficient Session Expiration vulnerability in Gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
network
low complexity
gitlab CWE-613
8.1
8.1
2020-09-14 CVE-2020-13289 Missing Authentication for Critical Function vulnerability in Gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
network
low complexity
gitlab CWE-306
5.4
5.4
2020-09-14 CVE-2020-13287 Unspecified vulnerability in Gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
network
low complexity
gitlab
4.3
4.3
2020-09-14 CVE-2020-13284 Incorrect Authorization vulnerability in Gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
network
low complexity
gitlab CWE-863
6.5
6.5
2020-08-13 CVE-2020-13286 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery.
network
low complexity
gitlab CWE-918
4.3
4.3
2020-08-13 CVE-2020-13281 Resource Exhaustion vulnerability in Gitlab
For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature
network
low complexity
gitlab CWE-400
6.5
6.5
2020-08-13 CVE-2020-13285 Cross-site Scripting vulnerability in Gitlab
For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip.
network
low complexity
gitlab CWE-79
5.4
5.4
2020-08-13 CVE-2020-13283 Cross-site Scripting vulnerability in Gitlab
For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title.
network
low complexity
gitlab CWE-79
5.4
5.4
2020-08-13 CVE-2020-13282 Improper Preservation of Permissions vulnerability in Gitlab
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access.
network
low complexity
gitlab CWE-281
3.5
3.5