Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Gitlab Subscribe
Total 821 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13341 1 Gitlab 1 Gitlab 2021-07-21 4.0 MEDIUM 4.9 MEDIUM
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions.
CVE-2020-13342 1 Gitlab 1 Gitlab 2021-07-21 4.0 MEDIUM 2.7 LOW
An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email
CVE-2020-13344 1 Gitlab 1 Gitlab 2021-07-21 2.1 LOW 4.4 MEDIUM
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis
CVE-2020-13346 1 Gitlab 1 Gitlab 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.
CVE-2020-13349 1 Gitlab 1 Gitlab 2021-07-21 4.0 MEDIUM 4.3 MEDIUM
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
CVE-2020-13358 1 Gitlab 1 Gitlab 2021-07-21 2.1 LOW 5.5 MEDIUM
A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2.
CVE-2020-13359 1 Gitlab 1 Gitlab 2021-07-21 5.5 MEDIUM 7.6 HIGH
The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
CVE-2020-15525 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.
CVE-2020-26415 1 Gitlab 1 Gitlab 2021-07-21 4.0 MEDIUM 4.3 MEDIUM
Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.
CVE-2020-26416 1 Gitlab 1 Gitlab 2021-07-21 2.1 LOW 4.4 MEDIUM
Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.
CVE-2020-26408 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's private profile
CVE-2020-26409 1 Gitlab 1 Gitlab 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.
CVE-2020-26412 1 Gitlab 1 Gitlab 2021-07-21 4.0 MEDIUM 4.3 MEDIUM
Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.
CVE-2020-5197 1 Gitlab 1 Gitlab 2021-07-21 3.5 LOW 4.3 MEDIUM
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.
CVE-2020-6832 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.
CVE-2020-6833 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling.
CVE-2020-7968 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 7.5 HIGH
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.
CVE-2020-7969 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 7.5 HIGH
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.
CVE-2020-7974 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
GitLab EE 10.1 through 12.7.2 allows Information Disclosure.
CVE-2020-7976 1 Gitlab 1 Gitlab 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.