Page 112 of 938 results (0.011 seconds)

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. El endpoint Oauth de GitLab era vulnerable a unos ataques de fuerza bruta por medio de un parámetro específico • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13312.json https://gitlab.com/gitlab-org/gitlab/-/issues/29746 • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. Un mantenedor de proyecto no autorizado podría editar las insignias de subgrupo debido a una falta de control de autorización • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13313.json https://gitlab.com/gitlab-org/gitlab/-/issues/118536 https://hackerone.com/reports/751264 • CWE-863: Incorrect Authorization •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. Una comprobación insuficiente en la API GraphQL permitió a un mantenedor eliminar un repositorio • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13317.json https://gitlab.com/gitlab-org/gitlab/-/issues/215703 https://hackerone.com/reports/858671 • CWE-20: Improper Input Validation •

CVSS: 7.3EPSS: 0%CPEs: 8EXPL: 0

A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.0.12, 13.1.10, 13.2.8 y 13.3.4. La integración EKS de GitLab era vulnerable a un ataque de tipo cross-account assume role • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13318.json https://gitlab.com/gitlab-org/gitlab/-/issues/228915 •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. Una Autorización de la API Usa un Token de Trabajo de CI Obsoleto • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13284.json https://gitlab.com/gitlab-org/gitlab/-/issues/221040 • CWE-863: Incorrect Authorization •