CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0CVE-2020-13292
https://notcve.org/view.php?id=CVE-2020-13292
In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. En GitLab versiones anteriores a 13.0.12, 13.1.6 y 13.2.3, es posible omitir una comprobación de correo electrónico que es requerido para OAuth Flow • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13292.json https://gitlab.com/gitlab-org/gitlab/-/issues/228629 https://hackerone.com/reports/922456 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-13294
https://notcve.org/view.php?id=CVE-2020-13294
In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. En GitLab versiones anteriores a 13.0.12, 13.1.6 y 13.2.3, los otorgamientos de acceso no fueron revocados cuando un usuario revocaba el acceso a una aplicación • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13294.json https://gitlab.com/gitlab-org/gitlab/-/issues/26147 https://hackerone.com/reports/469728 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-13293
https://notcve.org/view.php?id=CVE-2020-13293
In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. En GitLab versiones anteriores a 13.0.12, 13.1.6 y 13.2.3, el uso de una rama con un nombre hexadecimal podría anular un hash existente • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13293.json https://gitlab.com/gitlab-org/gitlab/-/issues/202690 https://hackerone.com/reports/790634 •