OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow
CVSS Score
7.5
EPSS Score
0.001
Published
2020-06-19
A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1
CVSS Score
8.0
EPSS Score
0.001
Published
2020-06-19
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5
CVSS Score
6.3
EPSS Score
0.046
Published
2020-06-19
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-15
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1
CVSS Score
6.1
EPSS Score
0.003
Published
2020-06-10
GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-04-29
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-04-29
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.
CVSS Score
4.8
EPSS Score
0.001
Published
2020-04-29