Total: 809 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2018-20500 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH | An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers left the group while knowing the token.
CVE-2018-19584 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH | GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups.
CVE-2018-19582 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM | GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user.
CVE-2018-19575 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM | GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue.
CVE-2018-18649 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.
CVE-2020-13282 | 1 Gitlab | 1 Gitlab | 2020-08-19 | 4.9 MEDIUM | 3.5 LOW | For GitLab before 13.0.12, 13.1.6, and 13.2.3: after a group transfer occurs, members from a parent group keep their access level on the subgroup, leading to improper access.
CVE-2020-13280 | 1 Gitlab | 1 Gitlab | 2020-08-19 | 4.0 MEDIUM | 6.5 MEDIUM | For GitLab before 13.0.12, 13.1.6, and 13.2.3, a memory exhaustion flaw exists due to excessive logging of an invite email error message.
CVE-2020-13291 | 1 Gitlab | 1 Gitlab | 2020-08-17 | 5.5 MEDIUM | 8.1 HIGH | In GitLab before 13.2.3, project sharing could temporarily allow too permissive access.
CVE-2020-13283 | 1 Gitlab | 1 Gitlab | 2020-08-14 | 3.5 LOW | 5.4 MEDIUM | For GitLab before 13.0.12, 13.1.6, and 13.2.3, a cross-site scripting vulnerability exists in the issues list via the milestone title.
CVE-2020-13286 | 1 Gitlab | 1 Gitlab | 2020-08-14 | 4.0 MEDIUM | 4.3 MEDIUM | For GitLab before 13.0.12, 13.1.6, and 13.2.3, user-controlled git configuration settings can be modified to result in Server Side Request Forgery.
CVE-2020-13288 | 1 Gitlab | 1 Gitlab | 2020-08-14 | 3.5 LOW | 4.8 MEDIUM | In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page.
CVE-2020-13292 | 1 Gitlab | 1 Gitlab | 2020-08-11 | 5.5 MEDIUM | 9.6 CRITICAL | In GitLab before 13.0.12, 13.1.6, and 13.2.3, it is possible to bypass the e-mail verification that is required for the OAuth flow.
CVE-2020-13263 | 1 Gitlab | 1 Gitlab | 2020-07-01 | 6.5 MEDIUM | 8.8 HIGH | An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate a maintainer to perform limited actions.
CVE-2020-13277 | 1 Gitlab | 1 Gitlab | 2020-06-28 | 4.0 MEDIUM | 6.5 MEDIUM | An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5.
CVE-2020-13264 | 1 Gitlab | 1 Gitlab | 2020-06-26 | 5.0 MEDIUM | 5.3 MEDIUM | Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view the Kubernetes cluster token.
CVE-2020-13265 | 1 Gitlab | 1 Gitlab | 2020-06-26 | 5.0 MEDIUM | 5.3 MEDIUM | A user email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows a user to bypass email verification.
CVE-2020-13271 | 1 Gitlab | 1 Gitlab | 2020-06-16 | 4.3 MEDIUM | 6.1 MEDIUM | A stored cross-site scripting vulnerability allowed the execution of arbitrary JavaScript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1.
CVE-2020-13269 | 1 Gitlab | 1 Gitlab | 2020-06-16 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected cross-site scripting vulnerability allowed the execution of arbitrary JavaScript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1.
CVE-2020-13267 | 1 Gitlab | 1 Gitlab | 2020-06-16 | 4.3 MEDIUM | 6.1 MEDIUM | A stored cross-site scripting vulnerability allowed the execution of JavaScript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1.
CVE-2020-13266 | 1 Gitlab | 1 Gitlab | 2020-06-15 | 4.0 MEDIUM | 4.3 MEDIUM | Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions.