Vulnerabilities in GitLab
1055 results

CVE-2020-26414 | MEDIUM | An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that | EPSS 1.5%
CVE-2020-13334 | MEDIUM | In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the co | EPSS 1.5%
CVE-2020-13311 | MEDIUM | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits a | EPSS 1.5%
CVE-2020-13343 | HIGH | An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template | EPSS 1.5%
CVE-2022-0489 | LOW | An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math | EPSS 1.5%
CVE-2021-39940 | MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before | EPSS 1.5%
CVE-2017-0926 | — | Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthori | EPSS 1.5%
CVE-2021-39942 | MEDIUM | A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 b | EPSS 1.4%
CVE-2022-1174 | MEDIUM | A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all | EPSS 1.4%
CVE-2021-39907 | MEDIUM | A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resu | EPSS 1.4%
CVE-2021-39912 | MEDIUM | A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigg | EPSS 1.4%
CVE-2020-13317 | MEDIUM | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a mai | EPSS 1.4%
CVE-2020-26405 | HIGH | Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbit | EPSS 1.4%
CVE-2020-26406 | MEDIUM | Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed | EPSS 1.4%
CVE-2021-39933 | MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 befor | EPSS 1.4%
CVE-2022-0741 | MEDIUM | Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables v | EPSS 1.4%
CVE-2020-13321 | HIGH | A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be | EPSS 1.4%
CVE-2020-13316 | MEDIUM | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a | EPSS 1.4%
CVE-2020-13354 | MEDIUM | A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause expon | EPSS 1.4%
CVE-2020-13270 | HIGH | Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relatio | EPSS 1.4%