Skip to main content
CVE-2020-26406 MEDIUM This Month

Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-13352 MEDIUM This Month

Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-25833 MEDIUM This Month

Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Idol
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-10776 MEDIUM PATCH This Month

A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Keycloak
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2020-25746 MEDIUM This Month

QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable),. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qubi3 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-13349 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 8.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-13350 MEDIUM This Month

CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab CSRF
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-13354 MEDIUM This Month

A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2020-13353 LOW PATCH Monitor

When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gitaly
NVD
CVSS 3.1
3.2
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy