3 matches found
GitLab 12.4 < 13.4.7 / 13.5 < 13.5.5 / 13.6 < 13.6.2 (CVE-2020-26407)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An XSS vulnerability exists in GitLab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a...
Cross-site Scripting in wiki manager join wiki page
Impact: We found a possible XSS vector in the WikiManager.JoinWiki wiki page related to the "requestJoin" field. Patches: The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. Workarounds: The easiest workaround is to edit the wiki page WikiManager.JoinWiki with wiki editor and chan...
PT-2020-16421 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 8.4 through 13.4.6; GitLab EE versions 13.5 through 13.5.4; GitLab EE versions 13.6 through 13.6.1. Description: The issue is related to information disclosure in the Advanced Search component of GitLab EE, starting from versi...