
Gitlab » Gitlab : Security Vulnerabilities

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 201 | CVE-2020-13325 | - | - | DoS | 2020-09-30 | 2020-10-02 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial | A vulnerability was discovered in GitLab versions prior to 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service. |
| 202 | CVE-2020-13324 | - | - | - | 2020-09-30 | 2020-10-08 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API. |
| 203 | CVE-2020-13323 | 863 | - | - | 2020-09-30 | 2021-07-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions private merge requests could be read via Todos. |
| 204 | CVE-2020-13322 | 863 | - | - | 2020-09-30 | 2020-10-02 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens. |
| 205 | CVE-2020-13321 | - | - | Bypass | 2020-09-30 | 2020-10-02 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed, allowing HTML tags to be added. |
| 206 | CVE-2020-13320 | 863 | - | - | 2020-09-30 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard. |
| 207 | CVE-2020-13319 | 862 | - | - | 2020-09-30 | 2020-10-02 | 4.0 | None | Remote | Low | ??? | None | Partial | None | An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13: missing permission check for adding time spent on an issue. |
| 208 | CVE-2020-13318 | 863 | - | - | 2020-09-14 | 2021-07-21 | 4.9 | None | Remote | Medium | ??? | Partial | Partial | None | A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLab's EKS integration was vulnerable to a cross-account assume-role attack. |
| 209 | CVE-2020-13317 | 20 | - | - | 2020-09-14 | 2020-09-16 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL API allowed a maintainer to delete a repository. |
| 210 | CVE-2020-13316 | 862 | - | - | 2020-09-14 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository to be accessible via the git command line. |
| 211 | CVE-2020-13315 | - | - | DoS | 2020-09-14 | 2020-09-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the number of results one could request, potentially resulting in a denial of service. |
| 212 | CVE-2020-13314 | - | - | - | 2020-09-14 | 2020-09-16 | 5.0 | None | Remote | Low | Not required | None | Partial | None | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages. |
| 213 | CVE-2020-13313 | 863 | - | - | 2020-09-14 | 2020-09-16 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control. |
| 214 | CVE-2020-13312 | 522 | - | - | 2020-09-14 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter. |
| 215 | CVE-2020-13311 | 74 | - | - | 2020-09-14 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | None | None | Partial | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface. |
| 216 | CVE-2020-13310 | - | - | DoS | 2020-09-14 | 2020-09-16 | 4.0 | None | Remote | Low | ??? | None | None | Partial | A vulnerability was discovered in GitLab Runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service. |
| 217 | CVE-2020-13309 | 918 | - | - | 2020-09-14 | 2020-09-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature. |
| 218 | CVE-2020-13308 | 281 | - | - | 2020-09-15 | 2020-09-18 | 4.0 | None | Remote | Low | ??? | None | None | Partial | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2-factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2-factor authentication inheritance. |
| 219 | CVE-2020-13307 | 613 | - | - | 2020-09-15 | 2020-09-18 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2-factor authentication was activated, allowing a malicious user to maintain their access. |
| 220 | CVE-2020-13306 | 770 | - | DoS | 2020-09-14 | 2020-09-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limiting. |
| 221 | CVE-2020-13305 | 613 | - | - | 2020-09-14 | 2020-09-17 | 4.0 | None | Remote | Low | ??? | Partial | None | None | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating the project invitation link upon removing a user from a project. |
| 222 | CVE-2020-13304 | 287 | - | - | 2020-09-14 | 2021-07-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The same 2-factor authentication secret code was generated, which allowed an attacker to maintain access under certain conditions. |
| 223 | CVE-2020-13303 | 863 | - | - | 2020-09-15 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can access a private repository within a public project. |
| 224 | CVE-2020-13302 | 613 | - | - | 2020-09-14 | 2020-09-17 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password. |
| 225 | CVE-2020-13301 | 79 | - | XSS | 2020-09-14 | 2020-09-16 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page. |
| 226 | CVE-2020-13300 | 863 | - | - | 2020-09-14 | 2020-09-16 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | GitLab before version 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. |
| 227 | CVE-2020-13299 | 613 | - | - | 2020-09-14 | 2020-09-16 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens, and one could be re-used to obtain a valid session. |
| 228 | CVE-2020-13298 | 20 | - | - | 2020-09-14 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The Conan package upload functionality was not properly validating the supplied parameters, which resulted in limited file disclosure. |
| 229 | CVE-2020-13297 | 287 | - | Bypass | 2020-09-14 | 2021-07-21 | 4.9 | None | Remote | Medium | ??? | Partial | Partial | None | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2-factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint. |
| 230 | CVE-2020-13296 | 862 | - | - | 2020-09-30 | 2020-10-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6: improper access control for deploy tokens. |
| 231 | CVE-2020-13294 | - | - | - | 2020-08-10 | 2020-10-06 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. |
| 232 | CVE-2020-13293 | 704 | - | - | 2020-08-10 | 2021-07-21 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial | In GitLab before 13.0.12, 13.1.6 and 13.2.3, using a branch with a hexadecimal name could override an existing hash. |
| 233 | CVE-2020-13292 | 287 | - | Bypass | 2020-08-10 | 2020-08-11 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass the e-mail verification which is required for the OAuth flow. |
| 234 | CVE-2020-13291 | - | - | - | 2020-08-12 | 2020-08-17 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. |
| 235 | CVE-2020-13290 | 287 | - | - | 2020-08-12 | 2021-12-22 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page. |
| 236 | CVE-2020-13289 | 306 | - | - | 2020-09-14 | 2020-09-16 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated. |
| 237 | CVE-2020-13288 | 79 | - | XSS | 2020-08-12 | 2020-08-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page. |
| 238 | CVE-2020-13287 | - | - | - | 2020-09-14 | 2020-09-16 | 4.0 | None | Remote | Low | ??? | Partial | None | None | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see a confidential epic attached to confidential issues. |
| 239 | CVE-2020-13286 | 918 | - | - | 2020-08-13 | 2020-08-14 | 4.0 | None | Remote | Low | ??? | None | Partial | None | For GitLab before 13.0.12, 13.1.6, 13.2.3, user-controlled git configuration settings can be modified to result in Server Side Request Forgery. |
| 240 | CVE-2020-13285 | 79 | - | XSS | 2020-08-13 | 2021-05-03 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | For GitLab before 13.0.12, 13.1.6, 13.2.3, a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip. |
| 241 | CVE-2020-13284 | 863 | - | - | 2020-09-14 | 2020-09-16 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4: API authorization using an outdated CI job token. |
| 242 | CVE-2020-13283 | 79 | - | XSS | 2020-08-13 | 2020-08-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | For GitLab before 13.0.12, 13.1.6, 13.2.3, a cross-site scripting vulnerability exists in the issues list via milestone title. |
| 243 | CVE-2020-13282 | 281 | - | - | 2020-08-13 | 2020-08-19 | 4.9 | None | Remote | Medium | ??? | Partial | Partial | None | For GitLab before 13.0.12, 13.1.6, 13.2.3, after a group transfer occurs, members from a parent group keep their access level on the subgroup, leading to improper access. |
| 244 | CVE-2020-13281 | 20 | - | DoS | 2020-08-13 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | None | None | Partial | For GitLab before 13.0.12, 13.1.6, 13.2.3, a denial of service exists in the project import feature. |
| 245 | CVE-2020-13280 | 400 | - | - | 2020-08-13 | 2020-08-19 | 4.0 | None | Remote | Low | ??? | None | None | Partial | For GitLab before 13.0.12, 13.1.6, 13.2.3, a memory exhaustion flaw exists due to excessive logging of an invite email error message. |
| 246 | CVE-2020-13277 | 863 | - | - | 2020-06-19 | 2020-06-29 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5. |
| 247 | CVE-2020-13276 | 863 | - | - | 2020-06-19 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A user is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1. |
| 248 | CVE-2020-13275 | 863 | - | - | 2020-06-19 | 2021-07-21 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | A user with an unverified email address could request access to domain-restricted groups in GitLab EE 12.2 and later through 13.0.1. |
| 249 | CVE-2020-13274 | 400 | - | DoS | 2020-06-19 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | A security issue allowed achieving denial of service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1. |
| 250 | CVE-2020-13273 | 400 | - | DoS | 2020-06-19 | 2021-07-21 | 7.8 | None | Remote | Low | Not required | None | None | Complete | A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1. |
Total number of vulnerabilities: 599 (this page: 5 of 12)