| 211651 | 4.9 | MEDIUM | Network | gitlab | gitlab | An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. An insufficient permission check allows an attacker with the developer role to perform various deletions. | CWE-843 Type Confusion | CVE-2020-13341 | 2024-11-21 14:01 | 2020-10-12 |
| 211652 | 4.6 | MEDIUM | Physical | oneplus | app_locker | OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked. | CWE-862 Missing Authorization | CVE-2020-13626 | 2024-11-21 14:01 | 2020-10-9 |
| 211653 | 4.4 | MEDIUM | Local | gitlab | gitlab | An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Session keys are stored in plain text in Redis, which allows an attacker with Redis access to authentic… | CWE-522 Insufficiently Protected Credentials | CVE-2020-13344 | 2024-11-21 14:01 | 2020-10-8 |
| 211654 | 8.7 | HIGH | Network | gitlab | gitlab | An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log | CWE-79 Cross-site Scripting | CVE-2020-13340 | 2024-11-21 14:01 | 2020-10-8 |
| 211655 | 6.5 | MEDIUM | Network | gitlab | gitlab | An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted. | CWE-79 Cross-site Scripting | CVE-2020-13339 | 2024-11-21 14:01 | 2020-10-8 |
| 211656 | 2.7 | LOW | Network | gitlab | gitlab | An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2020-13342 | 2024-11-21 14:01 | 2020-10-8 |
| 211657 | 9.1 | CRITICAL | Network | gitlab | gitlab | A command injection vulnerability was discovered in GitLab Runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a Docker executor, which allows t… | CWE-22 Path Traversal | CVE-2020-13347 | 2024-11-21 14:01 | 2020-10-7 |
| 211658 | 6.5 | MEDIUM | Network | gitlab | gitlab | Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through the API. | CWE-459 Incomplete Cleanup | CVE-2020-13346 | 2024-11-21 14:01 | 2020-10-7 |
| 211659 | 4.3 | MEDIUM | Network | gitlab | gitlab | Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete their own account without deleting/transferring their group. | CWE-863 Incorrect Authorization | CVE-2020-13335 | 2024-11-21 14:01 | 2020-10-7 |
| 211660 | 7.5 | HIGH | Network | gitlab | gitlab | In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of an issue via a GraphQL mutation query. | CWE-863 Incorrect Authorization | CVE-2020-13334 | 2024-11-21 14:01 | 2020-10-7 |