4 matches found
GitLab < 13.3.9 (CVE-2020-13350)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows:
- CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are =13.5.0, =13.4....
CVE-2020-13348
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are =10.2, =13.4, =13.5, 13.5.2...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure. When importing repos via URL, one-time-use Git credentials were persisted beyond the expected time window. Remediation: Upgrade gitaly to version 13.3.9, 13.4.5, 13.5.2 or higher...
PT-2020-13499 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.3 through 13.3.8; GitLab CE/EE versions 13.4 through 13.4.4; GitLab CE/EE versions 13.5 through 13.5.1. Description: A vulnerability in the internal Kubernetes agent API in GitLab CE/EE allows unauthorized access to...