CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13350
https://notcve.org/view.php?id=CVE-2020-13350
17 Nov 2020 — CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9. Un CSRF en la página de administración del ejecutor en todas las versiones de GitLab CE/EE, permite a un atacante que pueda apuntar a administradores de instancias de GitLab pausar y reanudar los ejecutores. Las versiones afectadas son las versiones posteriores a 13.5.0 e incl... • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13350.json • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13339
https://notcve.org/view.php?id=CVE-2020-13339
08 Oct 2020 — An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted. Se ha detectado un problema en GitLab afectando a todas las versiones anteriores a 13.2.10, 13.3.7 y 13.4.2: Una vulnerabilidad de tipo XSS en SVG File Preview. El impacto general es limitado debido a que solo el usuario actual esta siendo impactado • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13339.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13340
https://notcve.org/view.php?id=CVE-2020-13340
08 Oct 2020 — An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log Se ha detectado un problema en GitLab afectando a todas las versiones anteriores a 13.2.10, 13.3.7 y 13.4.2: Una vulnerabilidad de tipo XSS almacenado en CI Job Log • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13340.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13335
https://notcve.org/view.php?id=CVE-2020-13335
07 Oct 2020 — Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group. Una comprobación inapropiada de la membresía de un grupo al eliminar una cuenta de usuario en GitLab versiones posteriores e incluyendo a 7.12, permite a un usuario eliminar su propia cuenta sin eliminar y transferir su grupo • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13335.json • CWE-863: Incorrect Authorization •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-13321
https://notcve.org/view.php?id=CVE-2020-13321
29 Sep 2020 — A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be added. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1. Unas restricciones de formato de nombre de usuario pueden omitidas, permitiendo agregar etiquetas html • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13321.json •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13331
https://notcve.org/view.php?id=CVE-2020-13331
29 Sep 2020 — An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the Wiki pasges. Se ha detectado un problema en GitLab que afecta a versiones anteriores a 12.10.13. GitLab era vulnerable a un ataque de tipo XSS almacenado mediante los pasajes de Wiki • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13331.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2020-13330
https://notcve.org/view.php?id=CVE-2020-13330
29 Sep 2020 — An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in import the Bitbucket project feature. Se ha detectado un problema en GitLab que afecta a versiones anteriores a 12.10.13. GitLab era vulnerable a un ataque de tipo XSS almacenado al importar la funcionalidad de proyecto Bitbucket • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13330.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-13329
https://notcve.org/view.php?id=CVE-2020-13329
29 Sep 2020 — An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the blob view feature. Se ha detectado un problema en GitLab que afecta a versiones de 12.6.2 anteriores a 12.10.13. GitLab era vulnerable a un ataque de tipo XSS almacenado en la funcionalidad blob view • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13329.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13320
https://notcve.org/view.php?id=CVE-2020-13320
29 Sep 2020 — An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard. Se detectó un problema en GitLab versiones anteriores a 12.10.13, que permitía a un miembro del proyecto con permisos limitados visualizar el panel de seguridad del proyecto • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13320.json •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-13319
https://notcve.org/view.php?id=CVE-2020-13319
29 Sep 2020 — An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue. Se ha detectado un problema en GitLab que afecta a versiones anteriores a 13.1.2, 13.0.8 y 12.10.13. Una falta de comprobación de permisos para agregar tiempo dedicado a un problema • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13319.json • CWE-862: Missing Authorization •