GitLab Authorization Issues Vulnerability (CNVD-2020-57831)
GitLab is a self-hosted Git repository management application, developed with Ruby on Rails by the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab versions prior ...
PT-2020-13477 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 11.8 through 12.10.13. Description: An issue has been discovered in GitLab, where it was vulnerable to a stored XSS in the error tracking feature. Recommendations: For versions 11.8 through 12.10.13, update to version 12.10.13 ...
PT-2020-13467 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1. Description: A vulnerability was discovered that allows the restriction for GitHub project import to be bypassed under certain conditions. Recommendations: For versions prior to 13.1, update to version 13.1 or...
PT-2020-13465 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1. Description: A vulnerability was discovered that could expose the private activity of a user under certain conditions via the API. Recommendations: For versions prior to 13.1, update to version 13.1 or later to...
PT-2020-13470 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 12.10.13. Description: An issue has been discovered in GitLab where it is vulnerable to a stored XSS in the blob view feature. Recommendations: For versions prior to 12.10.13, update to version 12.10.13 or later to...
PT-2020-13461 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 12.10.13. Description: An issue has been discovered that allowed a project member with limited permissions to view the project security dashboard. Recommendations: For versions prior to 12.10.13, update to version...
GitLab Authentication Vulnerability
GitLab is a self-hosted Git repository management application, developed with Ruby on Rails by the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An authentication vulnerability was discovered in GitLab...
GitLab Session Fixation Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. A session fixation vulnerability exists in GitLab versions prior to 13.1.10, 13.2.8, and 13.3.4. Th...
GitLab Denial of Service Vulnerability (CNVD-2020-52396)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. A denial of service vulnerability exists in GitLab versions prior to 13.1.10, 13.2.8, and 13.3.4. T...
GitLab Improper Authorization Vulnerability (CNVD-2020-52425)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An improper authorization vulnerability exists in GitLab versions prior to 13.1.10, 13.2.8, and...
UBUNTU-CVE-2020-13298
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The Conan package upload functionality was not properly validating the supplied parameters, which resulted in limited file disclosure...
UBUNTU-CVE-2020-13305
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating the project invitation link upon removing a user from a project...
UBUNTU-CVE-2020-13302
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions, GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password...
UBUNTU-CVE-2020-13315
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the number of results one could request, potentially resulting in a denial of service...
UBUNTU-CVE-2020-13314
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The GitLab OmniAuth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages...
UBUNTU-CVE-2020-13317
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL API allowed a maintainer to delete a repository...
UBUNTU-CVE-2020-13289
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases, an invalid username could be accepted when 2FA is activated...
PT-2020-13457 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10; GitLab versions prior to 13.2.8; GitLab versions prior to 13.3.4. Description: A vulnerability was discovered in GitLab where it failed to validate a Deploy-Token, allowing access to a disabled repository via a...
PT-2020-13452 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10; GitLab versions prior to 13.2.8; GitLab versions prior to 13.3.4. Description: A vulnerability was discovered that makes the Wiki functionality vulnerable to a parser attack, prohibiting access through the user...
PT-2020-13439 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10; GitLab versions prior to 13.2.8; GitLab versions prior to 13.3.4. Description: A vulnerability was discovered in GitLab where the Conan package upload functionality did not properly validate the supplied...