Product:

Gitlab

(Gitlab)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 376
Date ID Summary Products Score Patch
2020-06-19 CVE-2020-13261 Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code Gitlab N/A
2020-06-19 CVE-2020-13274 A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1 Gitlab N/A
2020-06-19 CVE-2020-13263 An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. Gitlab N/A
2020-06-19 CVE-2020-13277 An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 Gitlab N/A
2020-06-19 CVE-2020-13276 User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 Gitlab N/A
2020-06-19 CVE-2020-13275 A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 Gitlab N/A
2020-06-19 CVE-2020-13273 A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 Gitlab N/A
2020-06-19 CVE-2020-13272 OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow Gitlab N/A
2020-06-19 CVE-2020-13265 User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification Gitlab N/A
2020-06-19 CVE-2020-13264 Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token Gitlab N/A