CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2020-13304
https://notcve.org/view.php?id=CVE-2020-13304
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Same 2 factor Authentication secret code was generated which resulted an attacker to maintain access under certain conditions. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. El mismo código secreto de autenticación de 2 factores era generado, lo que resultaba en que un atacante mantuviera el acceso bajo determinadas condiciones • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13304.json https://gitlab.com/gitlab-org/gitlab/-/issues/27686 https://hackerone.com/reports/511260 • CWE-330: Use of Insufficiently Random Values •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13314
https://notcve.org/view.php?id=CVE-2020-13314
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. El endpoint Omniauth de GitLab permitió a un usuario malicioso enviar contenido para ser mostrado al usuario dentro de los mensajes de error • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13314.json https://gitlab.com/gitlab-org/gitlab/-/issues/25201 https://hackerone.com/reports/438746 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13311
https://notcve.org/view.php?id=CVE-2020-13311
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. Wiki era vulnerable a un ataque del analizador que prohíbe a cualquier persona acceder a la funcionalidad Wiki por medio de la interfaz de usuario • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13311.json https://gitlab.com/gitlab-org/gitlab/-/issues/208682 https://gitlab.com/gitlab-org/gitlab/-/issues/224496 • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13312
https://notcve.org/view.php?id=CVE-2020-13312
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. El endpoint Oauth de GitLab era vulnerable a unos ataques de fuerza bruta por medio de un parámetro específico • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13312.json https://gitlab.com/gitlab-org/gitlab/-/issues/29746 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13313
https://notcve.org/view.php?id=CVE-2020-13313
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. Un mantenedor de proyecto no autorizado podría editar las insignias de subgrupo debido a una falta de control de autorización • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13313.json https://gitlab.com/gitlab-org/gitlab/-/issues/118536 https://hackerone.com/reports/751264 • CWE-863: Incorrect Authorization •