Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Gitlab Subscribe
Total 821 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13319 1 Gitlab 1 Gitlab 2020-10-02 4.0 MEDIUM 4.3 MEDIUM
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue.
CVE-2020-13321 1 Gitlab 1 Gitlab 2020-10-02 6.5 MEDIUM 8.3 HIGH
A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be added.
CVE-2020-13322 1 Gitlab 1 Gitlab 2020-10-02 6.5 MEDIUM 7.2 HIGH
A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens.
CVE-2020-13325 1 Gitlab 1 Gitlab 2020-10-02 5.5 MEDIUM 7.1 HIGH
A vulnerability was discovered in GitLab versions prior 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service.
CVE-2020-13328 1 Gitlab 1 Gitlab 2020-10-02 3.5 LOW 4.8 MEDIUM
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API.
CVE-2020-13329 1 Gitlab 1 Gitlab 2020-10-02 3.5 LOW 6.5 MEDIUM
An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the blob view feature.
CVE-2020-13330 1 Gitlab 1 Gitlab 2020-10-02 3.5 LOW 5.4 MEDIUM
An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in import the Bitbucket project feature.
CVE-2020-13331 1 Gitlab 1 Gitlab 2020-10-02 3.5 LOW 5.4 MEDIUM
An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the Wiki pasges.
CVE-2020-13326 1 Gitlab 1 Gitlab 2020-10-02 3.5 LOW 4.3 MEDIUM
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for Github project import could be bypassed.
CVE-2020-13315 1 Gitlab 1 Gitlab 2020-09-21 5.0 MEDIUM 7.5 HIGH
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service.
CVE-2020-13309 1 Gitlab 1 Gitlab 2020-09-21 6.5 MEDIUM 8.8 HIGH
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature.
CVE-2020-13308 1 Gitlab 1 Gitlab 2020-09-18 4.0 MEDIUM 2.7 LOW
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance.
CVE-2020-13307 1 Gitlab 1 Gitlab 2020-09-18 6.0 MEDIUM 4.7 MEDIUM
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access.
CVE-2020-13302 1 Gitlab 1 Gitlab 2020-09-17 6.5 MEDIUM 7.2 HIGH
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password.
CVE-2020-13305 1 Gitlab 1 Gitlab 2020-09-17 4.0 MEDIUM 4.3 MEDIUM
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project.
CVE-2020-13301 1 Gitlab 1 Gitlab 2020-09-16 3.5 LOW 4.8 MEDIUM
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page.
CVE-2020-13306 1 Gitlab 1 Gitlab 2020-09-16 5.0 MEDIUM 7.5 HIGH
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.
CVE-2020-13310 1 Gitlab 1 Gitlab 2020-09-16 4.0 MEDIUM 6.5 MEDIUM
A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service.
CVE-2020-13289 1 Gitlab 1 Gitlab 2020-09-16 5.5 MEDIUM 5.4 MEDIUM
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated.
CVE-2020-13287 1 Gitlab 1 Gitlab 2020-09-16 4.0 MEDIUM 4.3 MEDIUM
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues