Page 108 of 626 results (0.006 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. GitLab era vulnerable a un ataque de tipo SSRF ciego por medio de la funcionalidad repository mirroring • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13309.json https://gitlab.com/gitlab-org/gitlab/-/issues/215879 https://hackerone.com/reports/860196 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.3, 13.2.3 y 13.3.1. Era posible hacer que el proceso gitlab-runner se bloqueara mediante el envío de consultas malformadas resultando en una denegación de servicio • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13310.json https://gitlab.com/gitlab-org/gitlab-runner/-/issues/25857 https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26819 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. La página profile activity no estaba restringiendo la cantidad de resultados que uno podía requerir, resultando potencialmente en una denegación de servicio • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13315.json https://gitlab.com/gitlab-org/gitlab/-/issues/25825 https://hackerone.com/reports/463010 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. La funcionalidad Webhook de GitLab podría ser abusada para llevar a cabo ataques de denegación de servicio debido a una falta de limitación de velocidad • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13306.json https://gitlab.com/gitlab-org/gitlab/-/issues/223681 https://hackerone.com/reports/904134 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. GitLab era vulnerable a un ataque de tipo XSS almacenado en la página standalone vulnerability • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13301.json https://gitlab.com/gitlab-org/gitlab/-/issues/219378 https://hackerone.com/reports/882988 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •