PT-2020-13408 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.8 through 13.0.1 Description: A Stored Cross-Site Scripting issue allowed the execution of Javascript payloads on the Metrics Dashboard. Recommendations: For GitLab CE/EE versions 12.8 through 13.0.1, update to a...

CVE-2020-13266

Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions...