VYPR

GitLab

by GitLab Inc.

Source repositories

CVEs (1,214)

  • CVE-2020-13302 (Sep 14, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password.

  • CVE-2020-13297 (Sep 14, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When two-factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint.

  • CVE-2020-13304 (Sep 14, 2020)
    risk 0.00, cvss (not listed), epss 0.02

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The same two-factor authentication secret was generated again, which allowed an attacker to maintain access under certain conditions.

  • CVE-2020-13314 (Sep 14, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages.

  • CVE-2020-13311 (Sep 14, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The wiki was vulnerable to a parser attack that prevented anyone from accessing the wiki functionality through the user interface.

  • CVE-2020-13312 (Sep 14, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter.

  • CVE-2020-13313 (Sep 14, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control.

  • CVE-2020-13317 (Sep 14, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL API allowed a maintainer to delete a repository.

  • CVE-2020-13318 (Sep 14, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLab's EKS integration was vulnerable to a cross-account assume-role attack.

  • CVE-2020-13284 (Sep 14, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An outdated CI job token could still be used for API authorization.

  • CVE-2020-13289 (Sep 14, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA was activated.

  • CVE-2020-13287 (Sep 14, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see a confidential epic attached to confidential issues.

  • CVE-2020-13316 (Sep 14, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a deploy token and allowed a disabled repository to be accessed via the git command line.

  • CVE-2020-13299 (Sep 14, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The session revocation feature was not revoking all session tokens, and a token that survived revocation could be reused to obtain a valid session.

  • CVE-2020-13300 (Sep 14, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.

  • CVE-2020-13286 (Aug 13, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    For GitLab before 13.0.12, 13.1.6, 13.2.3, user-controlled git configuration settings could be modified to result in Server Side Request Forgery.

  • CVE-2020-13281 (Aug 13, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    For GitLab before 13.0.12, 13.1.6, 13.2.3, a denial of service exists in the project import feature.

  • CVE-2020-13280 (Aug 13, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message.

  • CVE-2020-13285 (Aug 13, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip.

  • CVE-2020-13283 (Aug 13, 2020)
    risk 0.00, cvss (not listed), epss 0.01

    For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title.
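Two of the entries above, CVE-2020-13302 (sessions not revoked after a password change) and CVE-2020-13299 (the revocation feature missing some session tokens), are the same class of defect: a session token stays usable after the event that should have killed it. The Ruby below is an added illustration, not GitLab's code, and the class, method and user names are made up for the example. It keeps an in-memory session store, binds each token to the password generation it was issued under, and contrasts a lookup that ignores password changes with one that checks them, and a revocation that only drops the token in hand with one that walks a per-user index.

```ruby
require 'securerandom'
require 'digest'

# Added example (not GitLab code): an in-memory session store showing why a
# password change and a "revoke sessions" action must each cover every session
# token a user holds, not just the one currently presented.
class SessionStore
  Session = Struct.new(:user_id, :password_version, :revoked)

  def initialize
    @sessions = {}                               # SHA-256(token) => Session
    @by_user  = Hash.new { |h, k| h[k] = [] }    # user_id => [SHA-256(token)]
    @password_version = Hash.new(0)              # user_id => current password generation
  end

  # Issue a new token bound to the user's current password generation.
  # Only the token digest is stored, so a leaked store does not leak usable tokens.
  def create(user_id)
    token = SecureRandom.hex(32)
    digest = Digest::SHA256.hexdigest(token)
    @sessions[digest] = Session.new(user_id, @password_version[user_id], false)
    @by_user[user_id] << digest
    token
  end

  # Weak check: any unrevoked token in the store is accepted, even if the
  # password it was issued under has since changed.
  def valid_ignoring_password_change?(token)
    s = lookup(token)
    !s.nil? && !s.revoked
  end

  # Hardened check: the token must also carry the current password generation.
  def valid?(token)
    s = lookup(token)
    !s.nil? && !s.revoked && s.password_version == @password_version[s.user_id]
  end

  # A password change bumps the generation; every earlier session fails valid?
  # without the store having to enumerate them.
  def change_password(user_id)
    @password_version[user_id] += 1
  end

  # Incomplete revocation: drops only the session that was presented.
  def revoke_presented(token)
    s = lookup(token)
    s.revoked = true if s
  end

  # Complete revocation: walks the per-user index so no token is missed.
  def revoke_all(user_id)
    @by_user[user_id].each { |d| @sessions[d].revoked = true }
  end

  private

  def lookup(token)
    @sessions[Digest::SHA256.hexdigest(token)]
  end
end

# Walk through both scenarios and report which tokens remain usable.
def session_revocation_demo
  store = SessionStore.new
  stolen = store.create(:alice)   # session an attacker obtained before the password change
  phone  = store.create(:alice)   # the user's own other session
  store.change_password(:alice)

  store2 = SessionStore.new
  a = store2.create(:bob)
  b = store2.create(:bob)
  store2.revoke_presented(a)      # user clicks "revoke" from session a only
  partial = store2.valid?(b)      # b is still usable: revocation was incomplete
  store2.revoke_all(:bob)
  complete = store2.valid?(b)

  {
    weak_check_still_accepts_old_session: store.valid_ignoring_password_change?(stolen),
    strict_check_accepts_old_session:     store.valid?(stolen),
    strict_check_accepts_other_session:   store.valid?(phone),
    other_session_survives_partial_revoke: partial,
    other_session_survives_full_revoke:    complete
  }
end

if __FILE__ == $PROGRAM_NAME
  p session_revocation_demo
end
```

Binding sessions to a password generation (or to a per-user "sessions invalidated after" timestamp) is the usual way to get the password-change case right without a second data structure; the explicit per-user index is what makes a "revoke all" action actually reach every token, including ones issued from other devices.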

Page 51 of 61