Page 85 of 455 results (0.012 seconds)

CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can access a private repository within a public project. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. Debido a una comprobación inapropiada de los permisos, un usuario no autorizado puede acceder a un repositorio privado dentro de un proyecto público • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13303.json https://gitlab.com/gitlab-org/gitlab/-/issues/238887 https://hackerone.com/reports/962231 • CWE-287: Improper Authentication •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. La funcionalidad de carga de paquetes Conan no validaba correctamente los parámetros suministrados, resultando en la divulgación limitada de archivos • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13298.json https://gitlab.com/gitlab-org/gitlab/-/issues/228841 https://hackerone.com/reports/923027 •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. GitLab no invalidaba el enlace de invitación al proyecto al eliminar a un usuario de un proyecto • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13305.json https://gitlab.com/gitlab-org/gitlab/-/issues/26801 https://hackerone.com/reports/492621 • CWE-613: Insufficient Session Expiration •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. GitLab era vulnerable a un ataque de tipo SSRF ciego por medio de la funcionalidad repository mirroring • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13309.json https://gitlab.com/gitlab-org/gitlab/-/issues/215879 https://hackerone.com/reports/860196 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service. Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.3, 13.2.3 y 13.3.1. Era posible hacer que el proceso gitlab-runner se bloqueara mediante el envío de consultas malformadas resultando en una denegación de servicio • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13310.json https://gitlab.com/gitlab-org/gitlab-runner/-/issues/25857 https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26819 •