|
213991
|
4.7 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-13307
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213992
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can access a private repository within a public …
|
CWE-287
Improper Authentication
|
CVE-2020-13303
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213993
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-13306
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213994
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project.
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-13305
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213995
|
7.2 |
HIGH
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Same 2 factor Authentication secret code was generated which resulted an attacker to maintain access under certain…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-13304
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213996
|
7.2 |
HIGH
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a u…
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-13302
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213997
|
4.8 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13301
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213998
|
5.8 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limi…
|
NVD-CWE-noinfo
|
CVE-2020-13298
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213999
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a s…
|
NVD-CWE-noinfo
|
CVE-2020-13297
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214000
|
10.0 |
CRITICAL
Network
|
gitlab
|
gitlab
|
GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.
|
CWE-863
Incorrect Authorization
|
CVE-2020-13300
|
2024-11-21 14:00 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
