Vulnerabilities > Gitlab > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-10 | CVE-2020-13269 | Cross-site Scripting vulnerability in Gitlab A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1 | 6.1 |
| 2020-06-10 | CVE-2020-13268 | Unspecified vulnerability in Gitlab A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. | 5.3 |
| 2020-06-10 | CVE-2020-13267 | Cross-site Scripting vulnerability in Gitlab A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1 | 6.1 |
| 2020-06-09 | CVE-2020-13266 | Missing Authorization vulnerability in Gitlab Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions | 4.3 |
| 2020-05-07 | CVE-2020-12448 | Path Traversal vulnerability in Gitlab GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet. | 5.3 |
| 2020-04-29 | CVE-2020-12277 | Incorrect Default Permissions vulnerability in Gitlab GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated. | 5.3 |
| 2020-04-29 | CVE-2020-12276 | Cross-site Scripting vulnerability in Gitlab GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature. | 4.8 |
| 2020-04-29 | CVE-2020-12275 | Unspecified vulnerability in Gitlab GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API. | 5.3 |
| 2020-04-22 | CVE-2020-11649 | Missing Authentication for Critical Function vulnerability in Gitlab An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. | 6.5 |
| 2020-04-08 | CVE-2020-10981 | Unspecified vulnerability in Gitlab GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project. | 4.3 |