CVE-2020-13328
https://notcve.org/view.php?id=CVE-2020-13328
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS via the PyPI files API. • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13328.json https://gitlab.com/gitlab-org/gitlab/-/issues/215640 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-13322
https://notcve.org/view.php?id=CVE-2020-13322
A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens. • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13322.json https://gitlab.com/gitlab-org/gitlab/-/issues/212469 • CWE-863: Incorrect Authorization •
CVE-2020-13319
https://notcve.org/view.php?id=CVE-2020-13319
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. A missing permission check allowed adding time spent on an issue without the required access. • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13319.json https://gitlab.com/gitlab-org/gitlab/-/issues/201806 https://hackerone.com/reports/755188 • CWE-862: Missing Authorization •
CVE-2020-13296
https://notcve.org/view.php?id=CVE-2020-13296
An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper access control for deploy tokens. • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13296.json https://gitlab.com/gitlab-org/gitlab/-/issues/235996 https://hackerone.com/reports/957459 • CWE-862: Missing Authorization •
CVE-2020-13307
https://notcve.org/view.php?id=CVE-2020-13307
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab did not revoke the user's existing sessions when two-factor authentication was activated, so a malicious user who already held a session could keep their access after 2FA was enabled. • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13307.json https://gitlab.com/gitlab-org/gitlab/-/issues/31307 https://hackerone.com/reports/676772 • CWE-613: Insufficient Session Expiration •
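The five entries above each state their affected ranges in a different form ("prior to X, Y and Z", ">=A <B", "after 12.9"). The following is an added example, not code from notcve.org or from GitLab, that turns those statements into half-open version ranges and checks a GitLab version string against all of them at once. It assumes a version string in the form GitLab's /api/v4/version endpoint returns ("13.1.2-ee"); the range table is transcribed from the advisory text on this page, with CVE-2020-13322 given an open upper bound because the page lists no fixed version for it. The sample inputs are constructed.

```python
"""Check a GitLab version against the affected ranges stated in the advisories above.

Added example, not notcve.org or GitLab code. Assumes version strings shaped like
"13.1.2-ee" (GitLab's /api/v4/version format); sample inputs are constructed.
"""
from typing import Optional

Version = tuple[int, ...]
Range = tuple[Optional[Version], Optional[Version]]  # [lo, hi): lo inclusive, hi = first fixed release


def parse_version(text: str) -> Version:
    """'13.1.2-ee' -> (13, 1, 2). Edition suffixes and pre-release tags are dropped."""
    core = text.strip().split("-")[0]
    return tuple(int(part) for part in core.split("."))


def affected_range(lo: Optional[str], hi: Optional[str]) -> Range:
    """Build a half-open range; None means unbounded on that side."""
    return (parse_version(lo) if lo else None, parse_version(hi) if hi else None)


# Ranges transcribed from the advisory text on this page. A "prior to X, Y and Z"
# statement becomes one [line.0, fix) range per release line, with the oldest fix
# as an open-ended lower bound; ">=A <B" lists map directly.
ADVISORIES: dict[str, list[Range]] = {
    "CVE-2020-13328": [affected_range(None, "12.10.13"),
                       affected_range("13.0.0", "13.0.8"),
                       affected_range("13.1.0", "13.1.2")],
    # The page says only "versions after 12.9" and names no fixed version.
    "CVE-2020-13322": [affected_range("12.9.0", None)],
    "CVE-2020-13319": [affected_range(None, "12.10.13"),
                       affected_range("13.0.0", "13.0.8"),
                       affected_range("13.1.0", "13.1.2")],
    "CVE-2020-13296": [affected_range("10.7.0", "13.0.14"),
                       affected_range("13.1.0", "13.1.8"),
                       affected_range("13.2.0", "13.2.6")],
    "CVE-2020-13307": [affected_range(None, "13.1.10"),
                       affected_range("13.2.0", "13.2.8"),
                       affected_range("13.3.0", "13.3.4")],
}


def in_range(v: Version, rng: Range) -> bool:
    """True when lo <= v < hi, treating a None bound as open."""
    lo, hi = rng
    if lo is not None and v < lo:
        return False
    if hi is not None and v >= hi:
        return False
    return True


def check(version_text: str) -> dict[str, str]:
    """Map each CVE on this page to 'affected', 'not affected', or a flagged
    'affected (...)' when the page gives no fixed version to compare against."""
    v = parse_version(version_text)
    report: dict[str, str] = {}
    for cve, ranges in ADVISORIES.items():
        hits = [r for r in ranges if in_range(v, r)]
        if not hits:
            report[cve] = "not affected"
        elif any(hi is None for _, hi in hits):
            report[cve] = "affected (no fixed version listed on this page)"
        else:
            report[cve] = "affected"
    return report


if __name__ == "__main__":
    # Constructed inputs: a patched 13.1 line, an old 13.0 line, a pre-10.7 release.
    for sample in ("13.1.2-ee", "13.0.7", "10.6.5-ce"):
        print(sample)
        for cve, status in check(sample).items():
            print(f"  {cve}: {status}")
```

Only the bounds the page actually states are encoded; a result of "not affected" means the version falls outside every stated range, which is what you want to confirm against the linked GitLab issue before closing a finding, and the open-ended entry for CVE-2020-13322 is deliberately reported as flagged rather than silently treated as fixed.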