Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.

Релизный цикл, информация об уязвимостях

Продукт: Gitlab

Вендор: gitlab

График релизов

Недавние уязвимости Gitlab

Количество 5 336

CVE-2020-13292

больше 5 лет назад

In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.

CVSS3: 9.6

EPSS: Низкий

CVE-2020-13292

больше 5 лет назад

In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass ...

CVSS3: 9.6

EPSS: Низкий

CVE-2020-13294

больше 5 лет назад

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.

CVSS3: 4.2

EPSS: Низкий

CVE-2020-13292

больше 5 лет назад

In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.

CVSS3: 9.6

EPSS: Низкий

CVE-2020-13293

больше 5 лет назад

In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash.

CVSS3: 6.3

EPSS: Низкий

CVE-2020-15525

больше 5 лет назад

GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.

CVSS3: 5.3

EPSS: Низкий

CVE-2020-15525

больше 5 лет назад

GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of ...

CVSS3: 5.3

EPSS: Низкий

CVE-2020-13264

больше 5 лет назад

Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token

CVSS3: 5.3

EPSS: Низкий

CVE-2020-13264

больше 5 лет назад

Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later thr ...

CVSS3: 5.3

EPSS: Низкий

CVE-2020-13263

больше 5 лет назад

An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2020-13292 In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.	CVSS3: 9.6	0% Низкий	больше 5 лет назад
CVE-2020-13292 In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass ...	CVSS3: 9.6	0% Низкий	больше 5 лет назад
CVE-2020-13294 In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.	CVSS3: 4.2	0% Низкий	больше 5 лет назад
CVE-2020-13292 In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.	CVSS3: 9.6	0% Низкий	больше 5 лет назад
CVE-2020-13293 In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash.	CVSS3: 6.3	0% Низкий	больше 5 лет назад
CVE-2020-15525 GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.	CVSS3: 5.3	0% Низкий	больше 5 лет назад
CVE-2020-15525 GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of ...	CVSS3: 5.3	0% Низкий	больше 5 лет назад
CVE-2020-13264 Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token	CVSS3: 5.3	0% Низкий	больше 5 лет назад
CVE-2020-13264 Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later thr ...	CVSS3: 5.3	0% Низкий	больше 5 лет назад
CVE-2020-13263 An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.	CVSS3: 7.5	0% Низкий	больше 5 лет назад

Уязвимостей на страницу