Vulnerabilities > Gitlab
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-19 | CVE-2020-13264 | Information Exposure vulnerability in Gitlab Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token | 5.3 |
| 2020-06-19 | CVE-2020-13263 | Incorrect Authorization vulnerability in Gitlab An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | 8.8 |
| 2020-06-19 | CVE-2020-13261 | Information Exposure vulnerability in Gitlab Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code | 2.7 |
| 2020-06-19 | CVE-2020-13276 | Missing Authorization vulnerability in Gitlab User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | 4.3 |
| 2020-06-19 | CVE-2020-13275 | Unspecified vulnerability in Gitlab A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | 8.1 |
| 2020-06-19 | CVE-2020-13274 | Unspecified vulnerability in Gitlab A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1 | 7.5 |
| 2020-06-19 | CVE-2020-13273 | Unspecified vulnerability in Gitlab A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 | 7.5 |
| 2020-06-19 | CVE-2020-13272 | Insufficient Verification of Data Authenticity vulnerability in Gitlab OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow | 8.8 |
| 2020-06-19 | CVE-2020-13265 | Insufficient Verification of Data Authenticity vulnerability in Gitlab User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification | 5.3 |
| 2020-06-19 | CVE-2020-13262 | Injection vulnerability in Gitlab Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link | 6.1 |