CVE-2020-13329
https://notcve.org/view.php?id=CVE-2020-13329
An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the blob view feature. Se ha detectado un problema en GitLab que afecta a versiones de 12.6.2 anteriores a 12.10.13. GitLab era vulnerable a un ataque de tipo XSS almacenado en la funcionalidad blob view • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13329.json https://gitlab.com/gitlab-org/gitlab/-/issues/208685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-13328
https://notcve.org/view.php?id=CVE-2020-13328
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API. Se ha detectado un problema en GitLab que afecta a versiones anteriores a 13.1.2, 13.0.8 y 12.10.13. GitLab era vulnerable a un ataque de tipo XSS almacenado por medio del uso de la API de archivos PyPi • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13328.json https://gitlab.com/gitlab-org/gitlab/-/issues/215640 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-13320
https://notcve.org/view.php?id=CVE-2020-13320
An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard. Se detectó un problema en GitLab versiones anteriores a 12.10.13, que permitía a un miembro del proyecto con permisos limitados visualizar el panel de seguridad del proyecto • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13320.json https://gitlab.com/gitlab-org/gitlab/-/issues/215044 •
CVE-2020-13319
https://notcve.org/view.php?id=CVE-2020-13319
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue. Se ha detectado un problema en GitLab que afecta a versiones anteriores a 13.1.2, 13.0.8 y 12.10.13. Una falta de comprobación de permisos para agregar tiempo dedicado a un problema • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13319.json https://gitlab.com/gitlab-org/gitlab/-/issues/201806 https://hackerone.com/reports/755188 • CWE-862: Missing Authorization •
CVE-2020-13296
https://notcve.org/view.php?id=CVE-2020-13296
An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens Se ha detectado un problema en GitLab que afecta a versiones posteriores e incluyendo a 10.7 anteriores a 13.0.14, posteriores e incluyendo a 13.1.0 anteriores a 13.1.8, posteriores e incluyendo a 13.2.0 anteriores a 13.2.6. Un Control de Acceso Inapropiado para los Tokens de Implementación • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13296.json https://gitlab.com/gitlab-org/gitlab/-/issues/235996 https://hackerone.com/reports/957459 • CWE-862: Missing Authorization •