|
209531
|
8.1 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal was found in LFS Upload that allows an attacker to overwrite certain specific paths on the server.…
|
CWE-22
Path Traversal
|
CVE-2020-13355
|
2024-11-21 14:01 |
2020-11-19 |
|
|
|
|
209532
|
6.8 |
MEDIUM
Physical
|
westerndigital linaro
|
inand_cl_em132_firmware inand_ix_em132_firmware inand_ix_em132_xi_firmware op-tee
|
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions o…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-13799
|
2024-11-21 14:01 |
2020-11-19 |
|
|
|
|
209533
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature being susceptible to catastrophic ba…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-13349
|
2024-11-21 14:01 |
2020-11-18 |
|
|
|
|
209534
|
5.7 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected version…
|
NVD-CWE-noinfo
|
CVE-2020-13348
|
2024-11-21 14:01 |
2020-11-18 |
|
|
|
|
209535
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affect…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13351
|
2024-11-21 14:01 |
2020-11-18 |
|
|
|
|
209536
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.…
|
CWE-352
Origin Validation Error
|
CVE-2020-13350
|
2024-11-21 14:01 |
2020-11-18 |
|
|
|
|
209537
|
5.5 |
MEDIUM
Local
|
gitlab
|
gitlab
|
A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13…
|
NVD-CWE-noinfo
|
CVE-2020-13358
|
2024-11-21 14:01 |
2020-11-17 |
|
|
|
|
209538
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause an exponential number of backtracks for certain user supplied value…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-13354
|
2024-11-21 14:01 |
2020-11-17 |
|
|
|
|
209539
|
3.2 |
LOW
Local
|
gitlab
|
gitaly
|
When importing repos via URL, one-time-use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-13353
|
2024-11-21 14:01 |
2020-11-17 |
|
|
|
|
209540
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Private group info is leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.…
|
NVD-CWE-noinfo
|
CVE-2020-13352
|
2024-11-21 14:01 |
2020-11-17 |
|
|
|