Gitlab

GitLab

1271 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2020-13349

  • EPSS 0.17%
  • Veröffentlicht 17.11.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 05:01:05

An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>...

7.1

CVE-2020-26405

  • EPSS 0.54%
  • Veröffentlicht 17.11.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 05:19:52

Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

4.3

CVE-2020-13350

  • EPSS 0.17%
  • Veröffentlicht 17.11.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:05

CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9.

6.5

CVE-2020-13351

  • EPSS 0.26%
  • Veröffentlicht 17.11.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:05

Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>...

5.3

CVE-2020-13352

  • EPSS 0.24%
  • Veröffentlicht 17.11.2020 01:15:13
  • Zuletzt bearbeitet 21.11.2024 05:01:05

Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

4.3

CVE-2020-13354

  • EPSS 0.56%
  • Veröffentlicht 17.11.2020 01:15:13
  • Zuletzt bearbeitet 21.11.2024 05:01:06

A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions ar...

5.5

CVE-2020-13358

  • EPSS 0.05%
  • Veröffentlicht 17.11.2020 01:15:13
  • Zuletzt bearbeitet 21.11.2024 05:01:06

A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2.

5.3

CVE-2020-26406

  • EPSS 0.27%
  • Veröffentlicht 17.11.2020 01:15:13
  • Zuletzt bearbeitet 21.11.2024 05:19:52

Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest memb...

4.9

CVE-2020-13341

  • EPSS 0.16%
  • Veröffentlicht 12.10.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:04

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions.

4.4

CVE-2020-13344

  • EPSS 0.08%
  • Veröffentlicht 08.10.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:04

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis