470 matches found
CVE-2020-13315
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service...
UBUNTU-CVE-2020-13311
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface...
PT-2020-13458 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10; GitLab versions prior to 13.2.8; GitLab versions prior to 13.3.4. Description: A vulnerability was discovered that involves an insufficient check in the GraphQL API. This issue allows a maintainer to delete a...
UBUNTU-CVE-2020-13280
For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message...
PT-2020-13421 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12; GitLab versions prior to 13.1.6; GitLab versions prior to 13.2.3. Description: A memory exhaustion flaw exists due to excessive logging of an invite email error message. Recommendations: For versions prior to...
PT-2020-13423 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12; GitLab versions prior to 13.1.6; GitLab versions prior to 13.2.3. Description: The issue arises after a group transfer occurs, where members from a parent group retain their access level on the subgroup, resulti...
UBUNTU-CVE-2020-13290
In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page...
PT-2020-13429 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12; GitLab versions prior to 13.1.6; GitLab versions prior to 13.2.3. Description: A stored XSS issue exists in the CI/CD Jobs page, allowing for potential exploitation. Recommendations: For versions prior to 13.0.1...
PT-2020-13431 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12; GitLab versions prior to 13.1.6; GitLab versions prior to 13.2.3. Description: The issue is related to improper access control on the Applications page. Recommendations: For versions prior to 13.0.12, update to...
UBUNTU-CVE-2020-13293
In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash...
UBUNTU-CVE-2020-13274
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1...
UBUNTU-CVE-2020-13271
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary JavaScript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1...
PT-2020-13411 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.3 through 13.0.1 Description: A missing permission check on fork relation creation in GitLab CE/EE allows guest users to create a fork relation on restricted public projects via the API. Recommendations: For GitLab...
UBUNTU-CVE-2020-12276
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature...
PT-2020-12463 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 8.11 through 12.9 Description: The issue is related to information leakage on Issues opened in a public project and then moved to a private project. This leakage occurs through both the Web-UI and the GraphQL API...
PT-2020-12460 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 10.8 through 12.9 Description: The issue is related to the leakage of metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. Recommendations: For GitLab EE/CE versions 10.8...
PT-2020-12447 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 8.10 through 12.9 Description: The issue is related to a Server-Side Request Forgery (SSRF) in the project import note feature. This allows an attacker to forge requests from the server, potentially leading to unauthorized acces...
PT-2020-11907 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.2 through 12.8.1 Description: A denial of service issue was found, impacting the designs for public issues. Recommendations: For GitLab versions 12.2 through 12.8.1, update to a version that contains a fix for this issue to...
PT-2020-11901 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.1 through 12.8.1 Description: A stored cross-site scripting issue was found when displaying merge requests, allowing for XSS attacks. Recommendations: For versions 12.1 through 12.8.1, update to a version that contains a fi...
PT-2020-11910 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.3.5 through 12.8.1 Description: The issue allows information disclosure. A particular view was exposing private merge request titles. Recommendations: For GitLab versions 12.3.5 through 12.8.1, update to a version tha...