Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 5 336
CVE-2020-13268
A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1
CVE-2020-13268
A specially crafted request could be used to confirm the existence of ...
CVE-2020-13267
A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1
CVE-2020-13267
A Stored Cross-Site Scripting vulnerability allowed the execution on J ...
CVE-2020-13270
Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API
CVE-2020-13271
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1
CVE-2020-13266
Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions
CVE-2020-13266
Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...
CVE-2020-12448
GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.
CVE-2020-12448
GitLab EE 12.8 and later allows Exposure of Sensitive Information to a ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2020-13268 A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1 | CVSS3: 5.3 | 0% Низкий | больше 5 лет назад |
| CVE-2020-13268 A specially crafted request could be used to confirm the existence of ... | CVSS3: 5.3 | 0% Низкий | больше 5 лет назад |
| CVE-2020-13267 A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1 | CVSS3: 6.1 | 0% Низкий | больше 5 лет назад |
| CVE-2020-13267 A Stored Cross-Site Scripting vulnerability allowed the execution on J ... | CVSS3: 6.1 | 0% Низкий | больше 5 лет назад |
 | CVE-2020-13270 Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API | CVSS3: 7.5 | 0% Низкий | больше 5 лет назад |
| CVE-2020-13271 A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1 | CVSS3: 6.1 | 0% Низкий | больше 5 лет назад |
| CVE-2020-13266 Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions | CVSS3: 4.3 | 0% Низкий | больше 5 лет назад |
| CVE-2020-13266 Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ... | CVSS3: 4.3 | 0% Низкий | больше 5 лет назад |
| CVE-2020-12448 GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet. | CVSS3: 5.3 | 0% Низкий | почти 6 лет назад |
| CVE-2020-12448 GitLab EE 12.8 and later allows Exposure of Sensitive Information to a ... | CVSS3: 5.3 | 0% Низкий | почти 6 лет назад |
Уязвимостей на страницу