Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  Security Vulnerabilities
CVE-2020-13270
Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-10
CVE-2020-13271
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1
CVSS Score
6.1
EPSS Score
0.003
Published
2020-06-10
CVE-2020-13266
Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions
CVSS Score
4.3
EPSS Score
0.001
Published
2020-06-09
CVE-2020-12448
GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-05-07
CVE-2020-12277
GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-04-29
CVE-2020-12275
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-04-29
CVE-2020-12276
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.
CVSS Score
4.8
EPSS Score
0.001
Published
2020-04-29
CVE-2020-11505
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-04-22
CVE-2020-11506
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-04-22
CVE-2020-11649
An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-04-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved