A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page.
CVSS Score
5.5
EPSS Score
0.002
Published
2020-09-14
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password.
CVSS Score
3.8
EPSS Score
0.002
Published
2020-09-14
For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature
CVSS Score
6.5
EPSS Score
0.001
Published
2020-08-13
For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-08-13
In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page
CVSS Score
7.5
EPSS Score
0.002
Published
2020-08-12
In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash.
CVSS Score
6.3
EPSS Score
0.001
Published
2020-08-10
In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.
CVSS Score
4.2
EPSS Score
0.003
Published
2020-08-10
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1
CVSS Score
7.4
EPSS Score
0.001
Published
2020-06-19
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-15