Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab gitlab 13.0.0 vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2020-13261
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later up to and including 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code
Gitlab Gitlab
Gitlab Gitlab 13.0.0
4.3
CVSSv2
CVE-2020-13262
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later up to and including 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link
Gitlab Gitlab
Gitlab Gitlab 13.0.0
6.5
CVSSv2
CVE-2020-13263
An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later up to and including 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.
Gitlab Gitlab
Gitlab Gitlab 13.0.0
5
CVSSv2
CVE-2020-13264
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later up to and including 13.0.1 allows other group maintainers to view Kubernetes cluster token
Gitlab Gitlab
Gitlab Gitlab 13.0.0
5
CVSSv2
CVE-2020-13265
User email verification bypass in GitLab CE/EE 12.5 and later up to and including 13.0.1 allows user to bypass email verification
Gitlab Gitlab
Gitlab Gitlab 13.0.0
5
CVSSv2
CVE-2020-13274
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions up to and including 13.0.1
Gitlab Gitlab
Gitlab Gitlab 13.0.0
4
CVSSv2
CVE-2020-13276
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions up to and including 13.0.1
Gitlab Gitlab
Gitlab Gitlab 13.0.0
NA
CVE-2023-3399
An issue has been discovered in GitLab EE affecting all versions starting from 11.6 prior to 16.3.6, all versions starting from 16.4 prior to 16.4.2, all versions starting from 16.5 prior to 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD var...
Gitlab Gitlab
Gitlab Gitlab 13.0.0
5
CVSSv2
CVE-2021-39897
Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred
Gitlab Gitlab
Gitlab Gitlab 13.0.0
NA
CVE-2022-2826
An issue has been discovered in GitLab affecting all versions starting from 10.0 prior to 12.9.8, all versions starting from 12.10 prior to 12.10.7, all versions starting from 13.0 prior to 13.0.1. TODO
Gitlab Gitlab
Gitlab Gitlab 13.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »