Skip to main content

Gitlab

1245 CVEs vendor

Monthly

CVE-2020-26407 MEDIUM This Month

A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-13359 HIGH This Week

The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Gitlab Authentication Bypass
NVD
CVSS 3.1
7.6
EPSS
0.8%
CVE-2020-13356 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
1.8%
CVE-2020-13355 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Path Traversal
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-26405 HIGH This Week

Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Path Traversal
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2020-13349 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 8.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-13348 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.7
EPSS
0.8%
CVE-2020-13351 MEDIUM This Month

Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-13350 MEDIUM This Month

CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab CSRF
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-26406 MEDIUM This Month

Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-13358 MEDIUM This Month

A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Gitlab Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-13354 MEDIUM This Month

A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2020-13352 MEDIUM This Month

Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-27986 HIGH POC THREAT This Week

SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass Sonarqube
NVD
CVSS 3.1
7.5
EPSS
16.2%
CVE-2020-13327 HIGH This Week

An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Gitlab Information Disclosure Runner
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-13341 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Memory Corruption Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2020-13344 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Gitlab Redis Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-13340 HIGH This Week

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
8.7
EPSS
68.6%
CVE-2020-13339 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-13342 LOW Monitor

An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
2.7
EPSS
0.9%
CVE-2020-13347 CRITICAL Act Now

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Docker Gitlab Path Traversal
NVD
CVSS 3.1
9.1
EPSS
2.3%
CVE-2020-13346 MEDIUM This Month

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-13335 MEDIUM This Month

Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-13334 HIGH This Week

In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-13345 MEDIUM POC This Month

An issue has been discovered in GitLab affecting all versions starting from 10.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-13343 HIGH POC This Week

An issue has been discovered in GitLab affecting all versions starting from 11.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-13333 MEDIUM POC This Month

A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2020-13338 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-13337 MEDIUM This Month

An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2020-13336 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-13331 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 12.10.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-13330 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 12.10.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-13329 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-13328 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-13326 MEDIUM This Month

A vulnerability was discovered in GitLab versions prior to 13.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-13325 HIGH This Week

A vulnerability was discovered in GitLab versions prior 13.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-13324 MEDIUM POC This Month

A vulnerability was discovered in GitLab versions prior to 13.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-13323 HIGH This Week

A vulnerability was discovered in GitLab versions prior 13.1. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.7
EPSS
1.1%
CVE-2020-13322 HIGH POC This Week

A vulnerability was discovered in GitLab versions after 12.9. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-13321 HIGH POC This Week

A vulnerability was discovered in GitLab versions prior to 13.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
8.3
EPSS
1.4%
CVE-2020-13320 MEDIUM POC This Month

An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-13319 MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-13296 HIGH This Week

An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-13308 LOW Monitor

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
2.7
EPSS
1.6%
CVE-2020-13307 MEDIUM PATCH This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
1.0%
CVE-2020-13303 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-13315 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-13310 MEDIUM This Month

A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-13309 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-13306 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-13305 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-13304 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-13302 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-13301 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-13298 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
1.2%
CVE-2020-13297 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-13317 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2020-13314 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-13313 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-13312 CRITICAL Act Now

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-13311 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2020-13318 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2020-13316 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2020-13300 CRITICAL Act Now

GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
10.0
EPSS
1.3%
CVE-2020-13299 HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-13289 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-13287 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-13284 MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-13286 MEDIUM This Month

For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-13281 MEDIUM This Month

For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-13285 MEDIUM This Month

For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-13283 MEDIUM This Month

For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-13282 LOW Monitor

For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
3.5
EPSS
0.7%
CVE-2020-13280 MEDIUM POC This Month

For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-5415 Go CRITICAL PATCH Act Now

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Gitlab Authentication Bypass Concourse
NVD GitHub
CVSS 3.1
10.0
EPSS
1.2%
CVE-2020-13291 HIGH This Week

In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-13290 HIGH This Week

In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-13288 MEDIUM This Month

In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
4.8
EPSS
4.0%
CVE-2020-13295 HIGH This Week

For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF Runner
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-13294 MEDIUM This Month

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-13293 HIGH This Week

In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2020-13292 CRITICAL Act Now

In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2020-14001 Ruby CRITICAL PATCH Act Now

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Gitlab RCE Authentication Bypass Kramdown Debian Linux +2
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2020-2228 Maven HIGH PATCH This Week

Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Gitlab Privilege Escalation Authentication Bypass Gitlab Authentication
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-15525 MEDIUM This Month

GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-13279 HIGH This Week

Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Gitlab RCE Gitlab Vscode Extension
NVD
CVSS 3.1
8.6
EPSS
1.2%
CVE-2020-13264 MEDIUM This Month

Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-13263 HIGH This Week

An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-13261 LOW Monitor

Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
2.7
EPSS
0.9%
CVE-2020-13276 MEDIUM This Month

User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.7%
EPSS 1% CVSS 5.4
MEDIUM This Month

A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
EPSS 1% CVSS 7.6
HIGH This Week

The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Gitlab Authentication Bypass
NVD
EPSS 2% CVSS 8.2
HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 2% CVSS 8.1
HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Path Traversal
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Path Traversal
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 8.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab CSRF
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Gitlab Authentication Bypass
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 16% CVSS 7.5
HIGH POC THREAT This Week

SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass Sonarqube
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Gitlab Information Disclosure +1
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Memory Corruption Information Disclosure
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Gitlab Redis Information Disclosure
NVD
EPSS 69% CVSS 8.7
HIGH This Week

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
EPSS 1% CVSS 2.7
LOW Monitor

An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Docker +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 2% CVSS 7.5
HIGH This Week

In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An issue has been discovered in GitLab affecting all versions starting from 10.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An issue has been discovered in GitLab affecting all versions starting from 11.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 2% CVSS 4.3
MEDIUM POC This Month

A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Denial Of Service
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 12.10.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 12.10.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A vulnerability was discovered in GitLab versions prior to 13.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 1% CVSS 7.1
HIGH This Week

A vulnerability was discovered in GitLab versions prior 13.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A vulnerability was discovered in GitLab versions prior to 13.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 7.7
HIGH This Week

A vulnerability was discovered in GitLab versions prior 13.1. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was discovered in GitLab versions after 12.9. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 1% CVSS 8.3
HIGH POC This Week

A vulnerability was discovered in GitLab versions prior to 13.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 2% CVSS 2.7
LOW Monitor

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 4.7
MEDIUM PATCH This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 2% CVSS 7.2
HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 7.3
HIGH This Week

A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
EPSS 1% CVSS 3.5
LOW Monitor

For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Denial Of Service
NVD
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Gitlab Authentication Bypass Concourse
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 7.2
HIGH This Week

In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 4% CVSS 4.8
MEDIUM This Month

In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
EPSS 1% CVSS 8.8
HIGH This Week

For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF Runner
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 7.1
HIGH This Week

In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Gitlab RCE Authentication Bypass +4
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Gitlab Privilege Escalation +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user system. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Gitlab RCE Gitlab Vscode Extension
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Gitlab Information Disclosure
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 1% CVSS 2.7
LOW Monitor

Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
Prev Page 11 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy