Vulnerabilities > Gitlab
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-13 | CVE-2020-13280 | Resource Exhaustion vulnerability in Gitlab For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. | 6.5 |
| 2020-08-12 | CVE-2020-13291 | Unspecified vulnerability in Gitlab 13.2.0/13.2.1/13.2.2 In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. | 8.1 |
| 2020-08-12 | CVE-2020-13290 | Improper Authentication vulnerability in Gitlab In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page | 7.2 |
| 2020-08-12 | CVE-2020-13288 | Cross-site Scripting vulnerability in Gitlab In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page | 4.8 |
| 2020-08-10 | CVE-2020-13295 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab Runner For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. | 8.8 |
| 2020-08-10 | CVE-2020-13294 | Unspecified vulnerability in Gitlab In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. | 5.4 |
| 2020-08-10 | CVE-2020-13293 | Unspecified vulnerability in Gitlab In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. | 7.1 |
| 2020-08-10 | CVE-2020-13292 | Improper Authentication vulnerability in Gitlab In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. | 9.6 |
| 2020-07-07 | CVE-2020-15525 | Unspecified vulnerability in Gitlab GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. | 5.3 |
| 2020-06-22 | CVE-2020-13279 | Uncontrolled Search Path Element vulnerability in Gitlab Gitlab-Vscode-Extension Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system | 8.6 |