CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13339
https://notcve.org/view.php?id=CVE-2020-13339
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted. Se ha detectado un problema en GitLab afectando a todas las versiones anteriores a 13.2.10, 13.3.7 y 13.4.2: Una vulnerabilidad de tipo XSS en SVG File Preview. El impacto general es limitado debido a que solo el usuario actual esta siendo impactado • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13339.json https://gitlab.com/gitlab-org/gitlab/-/issues/118477 https://hackerone.com/reports/758653 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13340
https://notcve.org/view.php?id=CVE-2020-13340
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log Se ha detectado un problema en GitLab afectando a todas las versiones anteriores a 13.2.10, 13.3.7 y 13.4.2: Una vulnerabilidad de tipo XSS almacenado en CI Job Log • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13340.json https://gitlab.com/gitlab-org/gitlab/-/issues/233473 https://hackerone.com/reports/950190 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13344
https://notcve.org/view.php?id=CVE-2020-13344
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis Se ha detectado un problema en GitLab afectando a todas las versiones anteriores a 13.2.10, 13.3.7 y 13.4.2. Las claves de las sesiones son almacenadas en texto plano en Redis, lo que permite al atacante con acceso a Redis autenticarse como cualquier usuario que tenga una sesión almacenada en Redis • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13344.json https://gitlab.com/gitlab-org/gitlab/-/issues/17817 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13342
https://notcve.org/view.php?id=CVE-2020-13342
An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email Se ha detectado un problema en GitLab que afecta a las versiones anteriores a 13.2.10, 13.3.7 y 13.4.2: Una Falta de Límitación de Velocidad en el Reenvío del Email de Confirmación • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13342.json https://gitlab.com/gitlab-org/gitlab/-/issues/222966 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13346
https://notcve.org/view.php?id=CVE-2020-13346
Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. Unos cambios de membresía no están reflejados en las suscripciones ToDo en GitLab versiones anteriores a 13.2.10, 13.3.7 y 13.4.2, permitiendo a usuarios invitados acceder a problemas confidenciales por medio de la API • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13346.json https://gitlab.com/gitlab-org/gitlab/-/issues/219496 https://hackerone.com/reports/880863 • CWE-459: Incomplete Cleanup •