Vulnerabilities > Gitlab
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-10 | CVE-2020-13295 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab Runner For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. | 8.8 |
| 2020-08-10 | CVE-2020-13294 | Unspecified vulnerability in Gitlab In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. | 5.4 |
| 2020-08-10 | CVE-2020-13293 | Unspecified vulnerability in Gitlab In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. | 7.1 |
| 2020-08-10 | CVE-2020-13292 | Improper Authentication vulnerability in Gitlab In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. | 9.6 |
| 2020-07-07 | CVE-2020-15525 | Unspecified vulnerability in Gitlab GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. | 5.3 |
| 2020-06-22 | CVE-2020-13279 | Uncontrolled Search Path Element vulnerability in Gitlab Gitlab-Vscode-Extension Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system | 8.6 |
| 2020-06-19 | CVE-2020-13264 | Information Exposure vulnerability in Gitlab Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token | 5.3 |
| 2020-06-19 | CVE-2020-13263 | Incorrect Authorization vulnerability in Gitlab An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | 8.8 |
| 2020-06-19 | CVE-2020-13261 | Information Exposure vulnerability in Gitlab Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code | 2.7 |
| 2020-06-19 | CVE-2020-13276 | Missing Authorization vulnerability in Gitlab User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | 4.3 |