|
209711
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a …
|
NVD-CWE-noinfo
|
CVE-2020-13315
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209712
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial …
|
NVD-CWE-noinfo
|
CVE-2020-13310
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209713
|
8.8 |
HIGH
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-13309
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209714
|
4.9 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository.
|
CWE-20
Improper Input Validation
|
CVE-2020-13317
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209715
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error …
|
NVD-CWE-Other
|
CVE-2020-13314
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209716
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control.
|
CWE-863
Incorrect Authorization
|
CVE-2020-13313
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209717
|
9.8 |
CRITICAL
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-13312
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209718
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the use…
|
CWE-706
Use of Incorrectly-Resolved Name or Reference
|
CVE-2020-13311
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209719
|
7.3 |
HIGH
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack.
|
NVD-CWE-noinfo
|
CVE-2020-13318
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209720
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository be accessible via a git command line.
|
NVD-CWE-noinfo
|
CVE-2020-13316
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
