CVEdetails.com the ultimate security vulnerability data source

Gitlab : Security Vulnerabilities Published In 2020 (Denial Of Service)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2020-13325 | | | DoS | 2020-09-30 | 2020-10-02 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial
A vulnerability was discovered in GitLab versions prior to 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service.
2 | CVE-2020-13315 | | | DoS | 2020-09-14 | 2020-09-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service.
3 | CVE-2020-13310 | | | DoS | 2020-09-14 | 2020-09-16 | 4.0 | None | Remote | Low | ??? | None | None | Partial
A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service.
4 | CVE-2020-13306 | 770 | | DoS | 2020-09-14 | 2020-09-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.
5 | CVE-2020-13281 | 20 | | DoS | 2020-08-13 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | None | None | Partial
For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature.
6 | CVE-2020-13274 | 400 | | DoS | 2020-06-19 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1.
7 | CVE-2020-13273 | 400 | | DoS | 2020-06-19 | 2021-07-21 | 7.8 | None | Remote | Low | Not required | None | None | Complete
A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1.
8 | CVE-2020-10089 | 674 | | DoS | 2020-03-13 | 2020-03-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial
GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request each other,
9 | CVE-2020-10082 | | | DoS | 2020-03-13 | 2020-03-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial
GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered.
10 | CVE-2020-10073 | 862 | | DoS | 2020-03-13 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial
GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page.
11 | CVE-2020-7978 | | | DoS | 2020-02-05 | 2020-02-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial
GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.
12 | CVE-2019-20142 | | | DoS | 2020-01-13 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | None | None | Partial
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service.
13 | CVE-2019-19313 | 20 | | DoS | 2020-01-05 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial
GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits.
Total number of vulnerabilities: 13