CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-13319
https://notcve.org/view.php?id=CVE-2020-13319
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue. Se ha detectado un problema en GitLab que afecta a versiones anteriores a 13.1.2, 13.0.8 y 12.10.13. Una falta de comprobación de permisos para agregar tiempo dedicado a un problema • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13319.json https://gitlab.com/gitlab-org/gitlab/-/issues/201806 https://hackerone.com/reports/755188 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-13296
https://notcve.org/view.php?id=CVE-2020-13296
An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens Se ha detectado un problema en GitLab que afecta a versiones posteriores e incluyendo a 10.7 anteriores a 13.0.14, posteriores e incluyendo a 13.1.0 anteriores a 13.1.8, posteriores e incluyendo a 13.2.0 anteriores a 13.2.6. Un Control de Acceso Inapropiado para los Tokens de Implementación • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13296.json https://gitlab.com/gitlab-org/gitlab/-/issues/235996 https://hackerone.com/reports/957459 • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2020-13298
https://notcve.org/view.php?id=CVE-2020-13298
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. La funcionalidad de carga de paquetes Conan no validaba correctamente los parámetros suministrados, resultando en la divulgación limitada de archivos • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13298.json https://gitlab.com/gitlab-org/gitlab/-/issues/228841 https://hackerone.com/reports/923027 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-13305
https://notcve.org/view.php?id=CVE-2020-13305
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. GitLab no invalidaba el enlace de invitación al proyecto al eliminar a un usuario de un proyecto • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13305.json https://gitlab.com/gitlab-org/gitlab/-/issues/26801 https://hackerone.com/reports/492621 • CWE-613: Insufficient Session Expiration •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-13309
https://notcve.org/view.php?id=CVE-2020-13309
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. GitLab era vulnerable a un ataque de tipo SSRF ciego por medio de la funcionalidad repository mirroring • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13309.json https://gitlab.com/gitlab-org/gitlab/-/issues/215879 https://hackerone.com/reports/860196 • CWE-918: Server-Side Request Forgery (SSRF) •