Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2020-10-08 CVE-2020-13339 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview.
network
low complexity
gitlab CWE-79
6.5
6.5
2020-10-08 CVE-2020-13344 Insufficiently Protected Credentials vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2.
local
low complexity
gitlab CWE-522
4.4
4.4
2020-10-07 CVE-2020-13342 Allocation of Resources Without Limits or Throttling vulnerability in Gitlab
An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email
network
low complexity
gitlab CWE-770
2.7
2.7
2020-10-07 CVE-2020-13347 Path Traversal vulnerability in Gitlab
A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1.
network
low complexity
gitlab CWE-22
critical
 9.1
9.1
2020-10-07 CVE-2020-13346 Incomplete Cleanup vulnerability in Gitlab
Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.
network
low complexity
gitlab CWE-459
6.5
6.5
2020-10-07 CVE-2020-13335 Incorrect Authorization vulnerability in Gitlab
Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group.
network
low complexity
gitlab CWE-863
4.3
4.3
2020-10-07 CVE-2020-13334 Incorrect Authorization vulnerability in Gitlab
In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query
network
low complexity
gitlab CWE-863
7.5
7.5
2020-10-06 CVE-2020-13343 Exposure of Resource to Wrong Sphere vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 11.2.
network
low complexity
gitlab CWE-668
8.8
8.8
2020-10-06 CVE-2020-13333 Resource Exhaustion vulnerability in Gitlab 13.1.0/13.2.0/13.3.0
A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3.
network
low complexity
gitlab CWE-400
4.3
4.3
2020-10-06 CVE-2020-13345 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 10.8.
network
low complexity
gitlab CWE-79
5.4
5.4