1595 matches found
UBUNTU-CVE-2020-13346
Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API...
UBUNTU-CVE-2020-13334
In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of an issue via a GraphQL mutation query...
UBUNTU-CVE-2020-13345
An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on Multiple Routes...
UBUNTU-CVE-2020-13343
An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template...
PT-2020-13484 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 11.2 and later Description: An issue has been discovered in GitLab that allows unauthorized users to view custom project templates. Recommendations: For GitLab versions 11.2 and later, at the moment, there is no information...
PT-2020-13474 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.1 through 13.3 Description: A potential DoS issue was discovered. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user-supplied values,...
UBUNTU-CVE-2020-13336
An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS in the error tracking feature...
UBUNTU-CVE-2020-13326
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for GitHub project import could be bypassed...
UBUNTU-CVE-2020-13324
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API...
UBUNTU-CVE-2020-13323
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions private merge requests could be read via Todos...
UBUNTU-CVE-2020-13322
A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens...
UBUNTU-CVE-2020-13296
An issue has been discovered in GitLab affecting versions =10.7 =13.1.0 =13.2.0 13.2.6. Improper Access Control for Deploy Tokens...
UBUNTU-CVE-2020-13330
An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the Bitbucket project import feature...
UBUNTU-CVE-2020-13331
An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in the Wiki pages...
GitLab GitHub Project Import Restriction Bypass Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. A GitHub project import restriction bypass vulnerability exists in GitLab versions prior to 13.1. A...
GitLab Username Format Restriction Bypass Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. A vulnerability exists in GitLab versions prior to 13.1 that can be exploited to bypass the usernam...
GitLab Cross-Site Scripting Vulnerability (CNVD-2020-58040)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab...
GitLab Cross-Site Scripting Vulnerability (CNVD-2020-57835)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab versions prior ...
GitLab Cross-Site Scripting Vulnerability (CNVD-2020-57834)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab...
GitLab Authorization Issues Vulnerability (CNVD-2020-57832)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab versions prior ...