Gitlab: >> Gitlab >> 12.10.13 Security Vulnerabilities
For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title.
CVSS Score
7.3
EPSS Score
0.001
Published
2020-08-13
In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page
CVSS Score
7.5
EPSS Score
0.002
Published
2020-08-12
In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.
CVSS Score
9.6
EPSS Score
0.001
Published
2020-08-10
In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash.
CVSS Score
6.3
EPSS Score
0.001
Published
2020-08-10
In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.
CVSS Score
4.2
EPSS Score
0.003
Published
2020-08-10
GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-07-07
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5
CVSS Score
6.3
EPSS Score
0.046
Published
2020-06-19
A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1
CVSS Score
6.1
EPSS Score
0.005
Published
2020-06-10
A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1
CVSS Score
5.3
EPSS Score
0.001
Published
2020-06-10
Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions
CVSS Score
4.3
EPSS Score
0.001
Published
2020-06-09