Gitlab

Gitlab

1257 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2020-13352

  • EPSS 0.24%
  • Veröffentlicht 17.11.2020 01:15:13
  • Zuletzt bearbeitet 21.11.2024 05:01:05

Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

4.3

CVE-2020-13354

  • EPSS 0.56%
  • Veröffentlicht 17.11.2020 01:15:13
  • Zuletzt bearbeitet 21.11.2024 05:01:06

A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions ar...

5.5

CVE-2020-13358

  • EPSS 0.05%
  • Veröffentlicht 17.11.2020 01:15:13
  • Zuletzt bearbeitet 21.11.2024 05:01:06

A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2.

5.3

CVE-2020-26406

  • EPSS 0.27%
  • Veröffentlicht 17.11.2020 01:15:13
  • Zuletzt bearbeitet 21.11.2024 05:19:52

Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest memb...

4.9

CVE-2020-13341

  • EPSS 0.16%
  • Veröffentlicht 12.10.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:04

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions.

4.4

CVE-2020-13344

  • EPSS 0.07%
  • Veröffentlicht 08.10.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:04

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis

6.5

CVE-2020-13339

  • EPSS 0.3%
  • Veröffentlicht 08.10.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:01:04

An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted.

8.7

CVE-2020-13340

  • EPSS 1.39%
  • Veröffentlicht 08.10.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:01:04

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log

4

CVE-2020-13342

  • EPSS 0.13%
  • Veröffentlicht 07.10.2020 16:15:16
  • Zuletzt bearbeitet 21.11.2024 05:01:04

An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email

7.5

CVE-2020-13334

  • EPSS 0.17%
  • Veröffentlicht 07.10.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:01:03

In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query