Lucene search
K

489 matches found

OSV
OSV
added 2020/09/14 8:15 p.m.3 views

UBUNTU-CVE-2020-13311

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface...

4.3CVSS5.8AI score0.01498EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/09/14 12:0 a.m.5 views

PT-2020-13458 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10 GitLab versions prior to 13.2.8 GitLab versions prior to 13.3.4 Description: A vulnerability was discovered that involves an insufficient check in the GraphQL API. This issue allows a maintainer to delete a...

6.5CVSS5.2AI score0.01434EPSS
Exploits0References11
OSV
OSV
added 2020/08/13 1:15 p.m.1 views

UBUNTU-CVE-2020-13280

For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message...

6.5CVSS5.8AI score0.0105EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/08/13 12:0 a.m.4 views

PT-2020-13421 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12 GitLab versions prior to 13.1.6 GitLab versions prior to 13.2.3 Description: A memory exhaustion flaw exists due to excessive logging of an invite email error message. Recommendations: For versions prior to...

6.5CVSS6.3AI score0.0105EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2020/08/13 12:0 a.m.4 views

PT-2020-13423 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12 GitLab versions prior to 13.1.6 GitLab versions prior to 13.2.3 Description: The issue arises after a group transfer occurs, where members from a parent group retain their access level on the subgroup, resulti...

4.9CVSS3.7AI score0.00683EPSS
Exploits0References11
OSV
OSV
added 2020/08/12 3:15 p.m.5 views

UBUNTU-CVE-2020-13290

In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page...

7.5CVSS5.8AI score0.01112EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/08/12 12:0 a.m.4 views

PT-2020-13429 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12 GitLab versions prior to 13.1.6 GitLab versions prior to 13.2.3 Description: A stored XSS issue exists in the CI/CD Jobs page, allowing for potential exploitation. Recommendations: For versions prior to 13.0.1...

5.5CVSS4.8AI score0.04045EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2020/08/12 12:0 a.m.3 views

PT-2020-13431 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12 GitLab versions prior to 13.1.6 GitLab versions prior to 13.2.3 Description: The issue is related to improper access control on the Applications page. Recommendations: For versions prior to 13.0.12, update to...

7.5CVSS6.8AI score0.01112EPSS
Exploits0References11
OSV
OSV
added 2020/08/10 2:15 p.m.3 views

UBUNTU-CVE-2020-13293

In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash...

7.1CVSS5.8AI score0.01041EPSS
Exploits0References6
OSV
OSV
added 2020/06/19 10:15 p.m.1 views

UBUNTU-CVE-2020-13274

A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1...

7.5CVSS5.8AI score0.01149EPSS
Exploits0References4
OSV
OSV
added 2020/06/10 3:15 p.m.2 views

UBUNTU-CVE-2020-13271

A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1...

6.1CVSS6.1AI score0.01531EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/06/10 12:0 a.m.3 views

PT-2020-13411 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.3 through 13.0.1 Description: A missing permission check on fork relation creation in GitLab CE/EE allows guest users to create a fork relation on restricted public projects via the API. Recommendations: For GitLab...

8.8CVSS8.3AI score0.01412EPSS
Exploits0References11
OSV
OSV
added 2020/04/29 5:15 p.m.1 views

UBUNTU-CVE-2020-12276

GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature...

4.8CVSS5.8AI score0.00552EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/04/08 12:0 a.m.4 views

PT-2020-12460 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 10.8 through 12.9 Description: The issue is related to the leakage of metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. Recommendations: For GitLab EE/CE versions 10.8...

4.3CVSS4.7AI score0.0077EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2020/04/08 12:0 a.m.8 views

PT-2020-12463 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 8.11 through 12.9 Description: The issue is related to information leakage on Issues opened in a public project and then moved to a private project. This leakage occurs through both the Web-UI and the GraphQL API...

5.3CVSS4.8AI score0.01136EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2020/03/27 12:0 a.m.4 views

PT-2020-12447 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 8.10 through 12.9 Description: The issue is related to a Server-Side Request Forgery SSRF in the project import note feature. This allows an attacker to forge requests from the server, potentially leading to unauthorized acces...

9.8CVSS9AI score0.01448EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2020/03/13 12:0 a.m.6 views

PT-2020-11901 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.1 through 12.8.1 Description: A stored cross-site scripting issue was found when displaying merge requests, allowing for XSS attacks. Recommendations: For versions 12.1 through 12.8.1, update to a version that contains a fi...

6.1CVSS5.9AI score0.00691EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/03/13 12:0 a.m.7 views

PT-2020-11907 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.2 through 12.8.1 Description: A denial of service issue was found, impacting the designs for public issues. Recommendations: For GitLab versions 12.2 through 12.8.1, update to a version that contains a fix for this issue to...

5.3CVSS5AI score0.01107EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2020/03/13 12:0 a.m.5 views

PT-2020-11910 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.3.5 through 12.8.1 Description: The issue allows information disclosure. A particular view was exposing merge private merge request titles. Recommendations: For GitLab versions 12.3.5 through 12.8.1, update to a version tha...

5.3CVSS4.9AI score0.00929EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2020/03/12 12:0 a.m.5 views

PT-2020-12191 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.8.x through 12.8.5 Description: The issue allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address when sign-up is enabled. Recommendations: For GitLab...

5.3CVSS5.1AI score0.01016EPSS
Exploits0References6
Rows per page
Query Builder