Total: 34298 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13327 | 1 Gitlab | 1 Runner | 2024-11-21 | 6.0 MEDIUM | 6.0 MEDIUM |
| An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments | |||||
| CVE-2020-13326 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
| A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for GitHub project import could be bypassed. | |||||
| CVE-2020-13325 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| A vulnerability was discovered in GitLab versions prior to 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service. | |||||
| CVE-2020-13324 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API. | |||||
| CVE-2020-13323 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 7.7 HIGH |
| A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions private merge requests could be read via Todos. | |||||
| CVE-2020-13321 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 MEDIUM | 8.3 HIGH |
| A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed, allowing HTML tags to be added. | |||||
| CVE-2020-13320 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard. | |||||
| CVE-2020-13318 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.9 MEDIUM | 6.4 MEDIUM |
| A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLab's EKS integration was vulnerable to a cross-account assume role attack. | |||||
| CVE-2020-13316 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository to be accessible via a git command line. | |||||
| CVE-2020-13315 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the number of results one could request, potentially resulting in a denial of service. | |||||
| CVE-2020-13310 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service. | |||||
| CVE-2020-13298 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.2 HIGH |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in limited file disclosure. | |||||
| CVE-2020-13297 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.9 MEDIUM | 3.8 LOW |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When two-factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint. | |||||
| CVE-2020-13294 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 4.2 MEDIUM |
| In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. | |||||
| CVE-2020-13293 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 6.3 MEDIUM |
| In GitLab before 13.0.12, 13.1.6 and 13.2.3, using a branch with a hexadecimal name could override an existing hash. | |||||
| CVE-2020-13291 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| In GitLab before 13.2.3, project sharing could temporarily allow overly permissive access. | |||||
| CVE-2020-13287 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues. | |||||
| CVE-2020-13275 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 8.0 HIGH |
| A user with an unverified email address could request access to domain-restricted groups in GitLab EE 12.2 and later through 13.0.1. | |||||
| CVE-2020-13274 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A security issue allowed Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1. | |||||
| CVE-2020-13273 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1. | |||||
