Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
gitlab

GitLab CE/EE

38 Versions 22 CVEs

Versions

>=8.8.9

OTHER 1 CVE

Affects GitLab CE/EE 10.2 and later

OTHER 1 CVE

>=8.14

OTHER 1 CVE

>=13.5 to <13.5.5

OTHER 2 CVEs

>= 13.5 to <13.5.5

OTHER 1 CVE

>= 12.2 to <13.4.7

OTHER 1 CVE

>=12.6

OTHER 1 CVE

>= 13.1 to <13.4.7

OTHER 1 CVE

>=13.0

OTHER 1 CVE

>=13.4.0

OTHER 2 CVEs

>=13.5.0

OTHER 2 CVEs

>= 13.6 to <13.6.2

OTHER 1 CVE

>=13.6, <13.6.2

OTHER 1 CVE

>=12.10

OTHER 1 CVE

Affects GitLab CE/EE 8.14 and later

OTHER 1 CVE

>=13.6 to <13.6.2

OTHER 2 CVEs

>=10.3

OTHER 1 CVE

>=12.8

OTHER 1 CVE

>=13.4, <13.4.7

OTHER 1 CVE

>=13.1 to <13.4.7

OTHER 1 CVE

>=10.2

OTHER 1 CVE

Fixed in 12.1.2 in 12.0.4 and in 11.11.6

OTHER 2 CVEs

>=13.5, <13.5.5

OTHER 1 CVE

<13.5.5

OTHER 2 CVEs

<13.4.5

OTHER 8 CVEs

before 12.3.2

OTHER 4 CVEs

<13.6.2

OTHER 2 CVEs

<13.4.7

OTHER 2 CVEs

<13.3.9

OTHER 9 CVEs

>=12.4

OTHER 1 CVE

>=13.5

OTHER 8 CVEs

<13.5.2

OTHER 8 CVEs

>=13.4

OTHER 6 CVEs

before 12.1.12

OTHER 4 CVEs

before 12.2.6

OTHER 4 CVEs

before 12.1.10

OTHER 1 CVE

>=13.3

OTHER 1 CVE

>=13.6

OTHER 2 CVEs

Recent CVEs

CVE-2020-26408

A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's private profile

MEDIUM Dec 11, 2020

CVE-2020-13357

An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project.

MEDIUM Dec 11, 2020

CVE-2020-26413

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.

MEDIUM Dec 11, 2020

CVE-2020-26417

Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2, >=13.5 to <13.5.5, and >=13.1 to <13.4.7.

MEDIUM Dec 11, 2020

CVE-2020-26409

A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.

MEDIUM Dec 11, 2020

CVE-2020-26407

A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project

MEDIUM Dec 10, 2020

CVE-2020-26405

Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

HIGH Nov 17, 2020

CVE-2020-13352

Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

LOW Nov 17, 2020