Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 5 336
CVE-2020-13265
User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification
CVE-2020-13273
A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1
CVE-2020-13274
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1
CVE-2020-13276
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1
CVE-2020-13275
A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1
CVE-2020-13262
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link
CVE-2020-13272
OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow
CVE-2020-13277
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5
CVE-2020-13277
An authorization issue in the mirroring logic allowed read access to p ...
CVE-2020-13277
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2020-13265 User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification | CVSS3: 4.3 | 0% Низкий | больше 5 лет назад |
| CVE-2020-13273 A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 | CVSS3: 7.5 | 0% Низкий | больше 5 лет назад |
| CVE-2020-13274 A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1 | CVSS3: 7.5 | 0% Низкий | больше 5 лет назад |
| CVE-2020-13276 User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | CVSS3: 7.4 | 0% Низкий | больше 5 лет назад |
| CVE-2020-13275 A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | CVSS3: 8 | 0% Низкий | больше 5 лет назад |
| CVE-2020-13262 Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link | CVSS3: 6.1 | 0% Низкий | больше 5 лет назад |
| CVE-2020-13272 OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow | CVSS3: 7.5 | 0% Низкий | больше 5 лет назад |
 | CVE-2020-13277 An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 | CVSS3: 6.3 | 5% Низкий | больше 5 лет назад |
| CVE-2020-13277 An authorization issue in the mirroring logic allowed read access to p ... | CVSS3: 6.3 | 5% Низкий | больше 5 лет назад |
| CVE-2020-13277 An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 | CVSS3: 6.3 | 5% Низкий | больше 5 лет назад |
Уязвимостей на страницу