CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13314
https://notcve.org/view.php?id=CVE-2020-13314
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. El endpoint Omniauth de GitLab permitió a un usuario malicioso enviar contenido para ser mostrado al usuario dentro de los mensajes de error • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13314.json https://gitlab.com/gitlab-org/gitlab/-/issues/25201 https://hackerone.com/reports/438746 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13311
https://notcve.org/view.php?id=CVE-2020-13311
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. Wiki era vulnerable a un ataque del analizador que prohíbe a cualquier persona acceder a la funcionalidad Wiki por medio de la interfaz de usuario • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13311.json https://gitlab.com/gitlab-org/gitlab/-/issues/208682 https://gitlab.com/gitlab-org/gitlab/-/issues/224496 • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13312
https://notcve.org/view.php?id=CVE-2020-13312
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. El endpoint Oauth de GitLab era vulnerable a unos ataques de fuerza bruta por medio de un parámetro específico • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13312.json https://gitlab.com/gitlab-org/gitlab/-/issues/29746 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13313
https://notcve.org/view.php?id=CVE-2020-13313
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. Un mantenedor de proyecto no autorizado podría editar las insignias de subgrupo debido a una falta de control de autorización • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13313.json https://gitlab.com/gitlab-org/gitlab/-/issues/118536 https://hackerone.com/reports/751264 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13317
https://notcve.org/view.php?id=CVE-2020-13317
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. Una comprobación insuficiente en la API GraphQL permitió a un mantenedor eliminar un repositorio • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13317.json https://gitlab.com/gitlab-org/gitlab/-/issues/215703 https://hackerone.com/reports/858671 • CWE-20: Improper Input Validation •