CVE-2020-13335
https://notcve.org/view.php?id=CVE-2020-13335
Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete their own account without deleting or transferring their group.
References: https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13335.json https://gitlab.com/gitlab-org/gitlab/-/issues/27231 https://hackerone.com/reports/503823
CWE-863: Incorrect Authorization
CVE-2020-13345
https://notcve.org/view.php?id=CVE-2020-13345
An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on multiple routes.
References: https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13345.json https://gitlab.com/gitlab-org/gitlab/-/issues/232829 https://hackerone.com/reports/946728
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-13343
https://notcve.org/view.php?id=CVE-2020-13343
An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized users can view a custom project template.
References: https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13343.json https://gitlab.com/gitlab-org/gitlab/-/issues/14861 https://hackerone.com/reports/689314
CWE-668: Exposure of Resource to Wrong Sphere
CVE-2020-13338
https://notcve.org/view.php?id=CVE-2020-13338
An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references.
References: https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13338.json https://gitlab.com/gitlab-org/gitlab/-/issues/213273
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-13337
https://notcve.org/view.php?id=CVE-2020-13337
An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed a stored XSS payload to be added as a group name.
References: https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13337.json https://gitlab.com/gitlab-org/gitlab/-/issues/199049
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')