|
217981
|
5.7 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected version…
|
NVD-CWE-noinfo
|
CVE-2020-13348
|
2024-11-21 14:01 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217982
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affect…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13351
|
2024-11-21 14:01 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217983
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.…
|
CWE-352
Origin Validation Error
|
CVE-2020-13350
|
2024-11-21 14:01 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217984
|
5.5 |
MEDIUM
Local
|
gitlab
|
gitlab
|
A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13…
|
NVD-CWE-noinfo
|
CVE-2020-13358
|
2024-11-21 14:01 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217985
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied value…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2020-13354
|
2024-11-21 14:01 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217986
|
3.2 |
LOW
Local
|
gitlab
|
gitaly
|
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-13353
|
2024-11-21 14:01 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217987
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.…
|
NVD-CWE-noinfo
|
CVE-2020-13352
|
2024-11-21 14:01 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217988
|
5.4 |
MEDIUM
Network
|
ivanti
|
endpoint_manager
|
Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremain…
|
CWE-79
Cross-site Scripting
|
CVE-2020-13773
|
2024-11-21 14:01 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217989
|
5.3 |
MEDIUM
Network
|
ivanti
|
endpoint_manager
|
In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no …
|
NVD-CWE-noinfo
|
CVE-2020-13772
|
2024-11-21 14:01 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217990
|
8.8 |
HIGH
Network
|
ivanti
|
endpoint_manager
|
LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.
|
CWE-89
SQL Injection
|
CVE-2020-13769
|
2024-11-21 14:01 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
