CVE-2020-13317
https://notcve.org/view.php?id=CVE-2020-13317
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. Una comprobación insuficiente en la API GraphQL permitió a un mantenedor eliminar un repositorio • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13317.json https://gitlab.com/gitlab-org/gitlab/-/issues/215703 https://hackerone.com/reports/858671 • CWE-20: Improper Input Validation •
CVE-2020-13318
https://notcve.org/view.php?id=CVE-2020-13318
A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.0.12, 13.1.10, 13.2.8 y 13.3.4. La integración EKS de GitLab era vulnerable a un ataque de tipo cross-account assume role • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13318.json https://gitlab.com/gitlab-org/gitlab/-/issues/228915 •
CVE-2020-13284
https://notcve.org/view.php?id=CVE-2020-13284
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. Una Autorización de la API Usa un Token de Trabajo de CI Obsoleto • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13284.json https://gitlab.com/gitlab-org/gitlab/-/issues/221040 • CWE-863: Incorrect Authorization •
CVE-2020-13289
https://notcve.org/view.php?id=CVE-2020-13289
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. En determinados casos, podría ser aceptado un nombre de usuario no válido cuando se activa 2FA • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13289.json https://gitlab.com/gitlab-org/gitlab/-/issues/20302 • CWE-306: Missing Authentication for Critical Function •
CVE-2020-13287
https://notcve.org/view.php?id=CVE-2020-13287
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. Los reporteros del proyecto y superiores podrían ver un EPIC confidencial adjunto a temas confidenciales • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13287.json https://gitlab.com/gitlab-org/gitlab/-/issues/227820 https://hackerone.com/reports/919468 •