Vulnerabilities > Gitlab > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-12 | CVE-2020-13288 | Cross-site Scripting vulnerability in Gitlab In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page | 4.8 |
| 2020-08-10 | CVE-2020-13294 | Unspecified vulnerability in Gitlab In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. | 5.4 |
| 2020-07-07 | CVE-2020-15525 | Unspecified vulnerability in Gitlab GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. | 5.3 |
| 2020-06-19 | CVE-2020-13264 | Information Exposure vulnerability in Gitlab Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token | 5.3 |
| 2020-06-19 | CVE-2020-13276 | Missing Authorization vulnerability in Gitlab User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | 4.3 |
| 2020-06-19 | CVE-2020-13265 | Insufficient Verification of Data Authenticity vulnerability in Gitlab User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification | 5.3 |
| 2020-06-19 | CVE-2020-13262 | Injection vulnerability in Gitlab Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link | 6.1 |
| 2020-06-19 | CVE-2020-13277 | Incorrect Authorization vulnerability in Gitlab An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 | 6.5 |
| 2020-06-15 | CVE-2020-14155 | Integer Overflow or Wraparound vulnerability in multiple products libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | 5.3 |
| 2020-06-10 | CVE-2020-13271 | Cross-site Scripting vulnerability in Gitlab A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1 | 6.1 |