|
209591
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial …
|
NVD-CWE-noinfo
|
CVE-2020-13310
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209592
|
8.8 |
HIGH
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-13309
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209593
|
4.9 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository.
|
CWE-20
Improper Input Validation
|
CVE-2020-13317
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209594
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error …
|
NVD-CWE-Other
|
CVE-2020-13314
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209595
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control.
|
CWE-863
Incorrect Authorization
|
CVE-2020-13313
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209596
|
9.8 |
CRITICAL
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-13312
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209597
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the use…
|
CWE-706
Use of Incorrectly-Resolved Name or Reference
|
CVE-2020-13311
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209598
|
7.3 |
HIGH
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack.
|
NVD-CWE-noinfo
|
CVE-2020-13318
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209599
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository be accessible via a git command line.
|
NVD-CWE-noinfo
|
CVE-2020-13316
|
2024-11-21 14:01 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209600
|
9.8 |
CRITICAL
Network
|
erlang
|
rebar3
|
Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification.
|
CWE-78
OS Command
|
CVE-2020-13802
|
2024-11-21 14:01 |
2020-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
