CVE-2020-13310
https://notcve.org/view.php?id=CVE-2020-13310
A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service. • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13310.json https://gitlab.com/gitlab-org/gitlab-runner/-/issues/25857 https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26819
CVE-2020-13315
https://notcve.org/view.php?id=CVE-2020-13315
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service. • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13315.json https://gitlab.com/gitlab-org/gitlab/-/issues/25825 https://hackerone.com/reports/463010
CVE-2020-13306
https://notcve.org/view.php?id=CVE-2020-13306
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation. • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13306.json https://gitlab.com/gitlab-org/gitlab/-/issues/223681 https://hackerone.com/reports/904134 • CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2020-13301
https://notcve.org/view.php?id=CVE-2020-13301
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page. • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13301.json https://gitlab.com/gitlab-org/gitlab/-/issues/219378 https://hackerone.com/reports/882988 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-13302
https://notcve.org/view.php?id=CVE-2020-13302
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password. • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13302.json https://gitlab.com/gitlab-org/gitlab/-/issues/25195 https://hackerone.com/reports/437194 • CWE-613: Insufficient Session Expiration