CVE-2020-13323
https://notcve.org/view.php?id=CVE-2020-13323
A vulnerability was discovered in GitLab versions prior 13.1. Under certain conditions private merge requests could be read via Todos Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1. Bajo determinadas condiciones, las peticiones de fusión privadas pueden ser leídas mediante Todos • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13323.json https://gitlab.com/gitlab-org/gitlab/-/issues/215175 •
CVE-2020-13328
https://notcve.org/view.php?id=CVE-2020-13328
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API. Se ha detectado un problema en GitLab que afecta a versiones anteriores a 13.1.2, 13.0.8 y 12.10.13. GitLab era vulnerable a un ataque de tipo XSS almacenado por medio del uso de la API de archivos PyPi • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13328.json https://gitlab.com/gitlab-org/gitlab/-/issues/215640 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-13322
https://notcve.org/view.php?id=CVE-2020-13322
A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens. Se detectó una vulnerabilidad en de GitLab posteriores a 12.9. Debido a una comprobación de permisos inapropiada, un usuario no autorizado puede crear y eliminar tokens de implementación • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13322.json https://gitlab.com/gitlab-org/gitlab/-/issues/212469 • CWE-863: Incorrect Authorization •
CVE-2020-13319
https://notcve.org/view.php?id=CVE-2020-13319
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue. Se ha detectado un problema en GitLab que afecta a versiones anteriores a 13.1.2, 13.0.8 y 12.10.13. Una falta de comprobación de permisos para agregar tiempo dedicado a un problema • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13319.json https://gitlab.com/gitlab-org/gitlab/-/issues/201806 https://hackerone.com/reports/755188 • CWE-862: Missing Authorization •
CVE-2020-13296
https://notcve.org/view.php?id=CVE-2020-13296
An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens Se ha detectado un problema en GitLab que afecta a versiones posteriores e incluyendo a 10.7 anteriores a 13.0.14, posteriores e incluyendo a 13.1.0 anteriores a 13.1.8, posteriores e incluyendo a 13.2.0 anteriores a 13.2.6. Un Control de Acceso Inapropiado para los Tokens de Implementación • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13296.json https://gitlab.com/gitlab-org/gitlab/-/issues/235996 https://hackerone.com/reports/957459 • CWE-862: Missing Authorization •