CVE-2020-13345
https://notcve.org/view.php?id=CVE-2020-13345
An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on Multiple Routes Se ha detectado un problema en GitLab que afecta a todas las versiones a partir de la 10.8. Un vulnerabilidad de tipo XSS reflejado en Múltiples Rutas • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13345.json https://gitlab.com/gitlab-org/gitlab/-/issues/232829 https://hackerone.com/reports/946728 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-13343
https://notcve.org/view.php?id=CVE-2020-13343
An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template Se ha detectado un problema en GitLab que afecta a todas las versiones a partir de la 11.2. Los Usuarios No Autorizados pueden Visualizar la Plantilla de Proyecto Personalizada • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13343.json https://gitlab.com/gitlab-org/gitlab/-/issues/14861 https://hackerone.com/reports/689314 • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2020-13296
https://notcve.org/view.php?id=CVE-2020-13296
An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens Se ha detectado un problema en GitLab que afecta a versiones posteriores e incluyendo a 10.7 anteriores a 13.0.14, posteriores e incluyendo a 13.1.0 anteriores a 13.1.8, posteriores e incluyendo a 13.2.0 anteriores a 13.2.6. Un Control de Acceso Inapropiado para los Tokens de Implementación • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13296.json https://gitlab.com/gitlab-org/gitlab/-/issues/235996 https://hackerone.com/reports/957459 • CWE-862: Missing Authorization •
CVE-2020-13307
https://notcve.org/view.php?id=CVE-2020-13307
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. GitLab no revocaba las sesiones de los usuarios actuales cuando se activaba la autenticación de 2 factores, permitiendo a un usuario malicioso mantener su acceso • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13307.json https://gitlab.com/gitlab-org/gitlab/-/issues/31307 https://hackerone.com/reports/676772 • CWE-613: Insufficient Session Expiration •
CVE-2020-13308
https://notcve.org/view.php?id=CVE-2020-13308
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. A un usuario sin la autenticación de 2 factores habilitada se le podría prohibir el acceso a GitLab al ser invitado a un proyecto que tenía una herencia de autenticación de 2 factores • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13308.json https://gitlab.com/gitlab-org/gitlab/-/issues/29989 https://hackerone.com/reports/637675 • CWE-281: Improper Preservation of Permissions •