Page 133 of 769 results (0.008 seconds)

CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0

In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. En GitLab versiones anteriores a 13.0.12, 13.1.6 y 13.2.3, es posible omitir una comprobación de correo electrónico que es requerido para OAuth Flow • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13292.json https://gitlab.com/gitlab-org/gitlab/-/issues/228629 https://hackerone.com/reports/922456 • CWE-287: Improper Authentication •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. En GitLab versiones anteriores a 13.0.12, 13.1.6 y 13.2.3, los otorgamientos de acceso no fueron revocados cuando un usuario revocaba el acceso a una aplicación • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13294.json https://gitlab.com/gitlab-org/gitlab/-/issues/26147 https://hackerone.com/reports/469728 •

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0

In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. En GitLab versiones anteriores a 13.0.12, 13.1.6 y 13.2.3, el uso de una rama con un nombre hexadecimal podría anular un hash existente • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13293.json https://gitlab.com/gitlab-org/gitlab/-/issues/202690 https://hackerone.com/reports/790634 •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. GitLab EE versiones 11.3 hasta 13.1.2, presenta un Control de Acceso Incorrecto debido al endpoint de carga del paquete Maven • https://about.gitlab.com/releases/2020/07/06/critical-security-release-gitlab-13-1-3-released https://about.gitlab.com/releases/categories/releases https://gitlab.com/gitlab-org/gitlab/-/issues/225259 •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. Se identificó un problema de autorización relacionado con la suplantación del mantenedor del proyecto en GitLab EE versiones 9.5 y posteriores hasta 13.0.1, que podría permitir a usuarios no autorizados hacerse pasar como mantenedor para llevar a cabo acciones limitadas • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13263.json https://gitlab.com/gitlab-org/gitlab/-/issues/211940 https://hackerone.com/reports/819821 • CWE-863: Incorrect Authorization •