Gitlab

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-26405 1Gitlab 1Gitlab Nov 21, 2024 Nov 17, 2020 N/A· v4 7.1 HIGH· v3 5.5 MEDIUM· v2 Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <1...Show more Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.Show less
CVE-2020-13349 1Gitlab 1Gitlab Nov 21, 2024 Nov 17, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected...Show more An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.Show less
CVE-2020-13348 1Gitlab 1Gitlab Nov 21, 2024 Nov 17, 2020 N/A· v4 5.7 MEDIUM· v3 4.0 MEDIUM· v2 An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9...Show more An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.Show less
CVE-2020-13351 1Gitlab 1Gitlab Nov 21, 2024 Nov 17, 2020 N/A· v4 6.5 MEDIUM· v3 5.0 MEDIUM· v2 Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13....Show more Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2.Show less
CVE-2020-13350 1Gitlab 1Gitlab Nov 21, 2024 Nov 17, 2020 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5...Show more CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9.Show less
CVE-2020-26406 1Gitlab 1Gitlab Nov 21, 2024 Nov 17, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility re...Show more Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: >=13.3, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.Show less
CVE-2020-13358 1Gitlab 1Gitlab Nov 21, 2024 Nov 17, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2.
CVE-2020-13354 1Gitlab 1Gitlab Nov 21, 2024 Nov 17, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high C...Show more A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9.Show less
CVE-2020-13353 1Gitlab 1Gitaly Nov 21, 2024 Nov 17, 2020 N/A· v4 3.2 LOW· v3 2.1 LOW· v2 When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.
CVE-2020-13352 1Gitlab 1Gitlab Nov 21, 2024 Nov 17, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
CVE-2020-13327 1Gitlab 1Runner Nov 21, 2024 Oct 22, 2020 N/A· v4 7.5 HIGH· v3 6.0 MEDIUM· v2 An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner...Show more An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes EnvironmentsShow less
CVE-2020-13341 1Gitlab 1Gitlab Nov 21, 2024 Oct 12, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions.
CVE-2020-13344 1Gitlab 1Gitlab Nov 21, 2024 Oct 8, 2020 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that...Show more An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in RedisShow less
CVE-2020-13340 1Gitlab 1Gitlab Nov 21, 2024 Oct 8, 2020 N/A· v4 8.7 HIGH· v3 3.5 LOW· v2 An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log
CVE-2020-13339 1Gitlab 1Gitlab Nov 21, 2024 Oct 8, 2020 N/A· v4 6.5 MEDIUM· v3 6.0 MEDIUM· v2 An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted.
CVE-2020-13342 1Gitlab 1Gitlab Nov 21, 2024 Oct 7, 2020 N/A· v4 2.7 LOW· v3 4.0 MEDIUM· v2 An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email
CVE-2020-13347 1Gitlab 1Gitlab Nov 21, 2024 Oct 7, 2020 N/A· v4 9.1 CRITICAL· v3 9.0 HIGH· v2 A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run ar...Show more A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable.Show less
CVE-2020-13346 1Gitlab 1Gitlab Nov 21, 2024 Oct 7, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.
CVE-2020-13335 1Gitlab 1Gitlab Nov 21, 2024 Oct 7, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group.
CVE-2020-13334 1Gitlab 1Gitlab Nov 21, 2024 Oct 7, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query

Previous 1...474849...70 Next