Vulnerabilities > Gitlab > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-14 | CVE-2020-13302 | Insufficient Session Expiration vulnerability in Gitlab: A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | 7.2 |
2020-09-14 | CVE-2020-13318 | Unspecified vulnerability in Gitlab: A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. | 7.3 |
2020-09-14 | CVE-2020-13299 | Insufficient Session Expiration vulnerability in Gitlab: A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | 8.1 |
2020-08-12 | CVE-2020-13291 | Unspecified vulnerability in Gitlab 13.2.0/13.2.1/13.2.2: In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. | 8.1 |
2020-08-12 | CVE-2020-13290 | Improper Authentication vulnerability in Gitlab: In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page. | 7.2 |
2020-08-10 | CVE-2020-13295 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab Runner: For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. | 8.8 |
2020-08-10 | CVE-2020-13293 | Unspecified vulnerability in Gitlab: In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. | 7.1 |
2020-06-22 | CVE-2020-13279 | Uncontrolled Search Path Element vulnerability in Gitlab Gitlab-Vscode-Extension: Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system. | 8.6 |
2020-06-19 | CVE-2020-13263 | Incorrect Authorization vulnerability in Gitlab: An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | 8.8 |
2020-06-19 | CVE-2020-13275 | Unspecified vulnerability in Gitlab: A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1. | 8.1 |