A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack.
CVSS Score
6.4
EPSS Score
0.001
Published
2020-09-14
For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature
CVSS Score
6.5
EPSS Score
0.001
Published
2020-08-13
For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery.
CVSS Score
6.4
EPSS Score
0.001
Published
2020-08-13
For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip.
CVSS Score
7.3
EPSS Score
0.001
Published
2020-08-13
For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-08-13
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access.
CVSS Score
3.1
EPSS Score
0.001
Published
2020-08-13
For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title.
CVSS Score
7.3
EPSS Score
0.001
Published
2020-08-13
In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page
CVSS Score
5.5
EPSS Score
0.002
Published
2020-08-12
In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page
CVSS Score
7.5
EPSS Score
0.002
Published
2020-08-12
In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.
CVSS Score
9.6
EPSS Score
0.001
Published
2020-08-10