CVE-2020-13288
https://notcve.org/view.php?id=CVE-2020-13288
In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page En GitLab versiones anteriores a 13.0.12, 13.1.6 y 13.2.3, se presenta una vulnerabilidad de tipo XSS almacenada en la página CI/CD Jobs • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13288.json https://gitlab.com/gitlab-org/gitlab/-/issues/215538 https://hackerone.com/reports/856554 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-13292
https://notcve.org/view.php?id=CVE-2020-13292
In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. En GitLab versiones anteriores a 13.0.12, 13.1.6 y 13.2.3, es posible omitir una comprobación de correo electrónico que es requerido para OAuth Flow • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13292.json https://gitlab.com/gitlab-org/gitlab/-/issues/228629 https://hackerone.com/reports/922456 • CWE-287: Improper Authentication •
CVE-2020-13294
https://notcve.org/view.php?id=CVE-2020-13294
In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. En GitLab versiones anteriores a 13.0.12, 13.1.6 y 13.2.3, los otorgamientos de acceso no fueron revocados cuando un usuario revocaba el acceso a una aplicación • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13294.json https://gitlab.com/gitlab-org/gitlab/-/issues/26147 https://hackerone.com/reports/469728 •
CVE-2020-13293
https://notcve.org/view.php?id=CVE-2020-13293
In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. En GitLab versiones anteriores a 13.0.12, 13.1.6 y 13.2.3, el uso de una rama con un nombre hexadecimal podría anular un hash existente • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13293.json https://gitlab.com/gitlab-org/gitlab/-/issues/202690 https://hackerone.com/reports/790634 •