Vulnerabilities > Gitlab

DATE CVE VULNERABILITY TITLE RISK
2020-09-14 CVE-2020-13284 Incorrect Authorization vulnerability in Gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
network
low complexity
gitlab CWE-863
6.5
6.5
2020-08-13 CVE-2020-13286 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery.
network
low complexity
gitlab CWE-918
4.3
4.3
2020-08-13 CVE-2020-13281 Resource Exhaustion vulnerability in Gitlab
For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature
network
low complexity
gitlab CWE-400
6.5
6.5
2020-08-13 CVE-2020-13285 Cross-site Scripting vulnerability in Gitlab
For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip.
network
low complexity
gitlab CWE-79
5.4
5.4
2020-08-13 CVE-2020-13283 Cross-site Scripting vulnerability in Gitlab
For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title.
network
low complexity
gitlab CWE-79
5.4
5.4
2020-08-13 CVE-2020-13282 Improper Preservation of Permissions vulnerability in Gitlab
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access.
network
low complexity
gitlab CWE-281
3.5
3.5
2020-08-13 CVE-2020-13280 Resource Exhaustion vulnerability in Gitlab
For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message.
network
low complexity
gitlab CWE-400
6.5
6.5
2020-08-12 CVE-2020-13291 Unspecified vulnerability in Gitlab 13.2.0/13.2.1/13.2.2
In GitLab before 13.2.3, project sharing could temporarily allow too permissive access.
network
low complexity
gitlab
8.1
8.1
2020-08-12 CVE-2020-13290 Improper Authentication vulnerability in Gitlab
In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page
network
low complexity
gitlab CWE-287
7.2
7.2
2020-08-12 CVE-2020-13288 Cross-site Scripting vulnerability in Gitlab
In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page
network
low complexity
gitlab CWE-79
4.8
4.8