Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2020
CVE-2020-13263
An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
CVE-2020-13264
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token
CVSS Score
5.3
EPSS Score
0.001
Published
2020-06-19
CVE-2020-13276
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1
CVSS Score
7.4
EPSS Score
0.001
Published
2020-06-19
CVE-2020-14931
A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff.
CVSS Score
9.8
EPSS Score
0.011
Published
2020-06-19
CVE-2020-13262
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-19
CVE-2020-13265
User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification
CVSS Score
4.3
EPSS Score
0.001
Published
2020-06-19
CVE-2020-13272
OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow
CVSS Score
7.5
EPSS Score
0.001
Published
2020-06-19
CVE-2020-13273
A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
CVE-2020-13274
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
CVE-2020-13275
A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1
CVSS Score
8.0
EPSS Score
0.001
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved