Debian Gitlab vulnerabilities
1,325 known vulnerabilities affecting debian/gitlab.
Total CVEs: 1,325
CISA KEV: 4 (actively exploited)
Public exploits: 22
Exploited in wild: 2
Severity breakdown: CRITICAL 43 | HIGH 196 | MEDIUM 630 | LOW 456
Vulnerabilities
Page 49 of 67
CVE-2020-13336 | LOW | CVSS 4.0 | 2020
CVE-2020-13336 [MEDIUM] gitlab: An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS in the error tracking feature.
Scope: local
sid: resolved
debian
CVE-2020-10078 | LOW | CVSS 6.1 | 2020
CVE-2020-10078 [MEDIUM] gitlab: GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability.
Scope: local
sid: resolved
debian
CVE-2020-8114 | LOW | CVSS 9.8 | 2020
CVE-2020-8114 [CRITICAL] gitlab: GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
Scope: local
sid: resolved
debian
CVE-2020-12448 | LOW | CVSS 5.3 | 2020
CVE-2020-12448 [MEDIUM] gitlab: GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.
Scope: local
sid: resolved
debian
CVE-2020-13307 | LOW | CVSS 3.8 | fixed in gitlab 13.2.8-1 (sid) | 2020
CVE-2020-13307 [LOW] gitlab: A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access.
Scope: local
sid: resolved (fixed in 13.2.8-1)
debian
CVE-2020-7966 | LOW | CVSS 7.5 | 2020
CVE-2020-7966 [HIGH] gitlab: GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.
Scope: local
sid: resolved
debian
CVE-2020-6832 | LOW | CVSS 5.3 | 2020
CVE-2020-6832 [MEDIUM] gitlab: An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.
Scope: local
sid: resolved
debian
CVE-2020-13308 | LOW | CVSS 2.7 | fixed in gitlab 13.2.8-1 (sid) | 2020
CVE-2020-13308 [LOW] gitlab: A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance.
Scope: local
sid: resolved (fixed in 13.2.8-1)
debian
CVE-2020-13304 | LOW | CVSS 3.8 | fixed in gitlab 13.2.8-1 (sid) | 2020
CVE-2020-13304 [LOW] gitlab: A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The same 2 factor authentication secret code was generated, which resulted in an attacker being able to maintain access under certain conditions.
Scope: local
sid: resolved (fixed in 13.2.8-1)
debian
CVE-2020-13273 | LOW | CVSS 7.5 | 2020
CVE-2020-13273 [HIGH] gitlab: A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1
Scope: local
sid: resolved
debian
CVE-2020-7977 | LOW | CVSS 5.3 | 2020
CVE-2020-7977 [MEDIUM] gitlab: GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.
Scope: local
sid: resolved
debian
CVE-2020-10085 | LOW | CVSS 5.3 | 2020
CVE-2020-10085 [MEDIUM] gitlab: GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing private merge request titles.
Scope: local
sid: resolved
debian
CVE-2020-10075 | LOW | CVSS 6.1 | 2020
CVE-2020-10075 [MEDIUM] gitlab: GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.
Scope: local
sid: resolved
debian
CVE-2020-11505 | LOW | CVSS 7.5 | 2020
CVE-2020-11505 [HIGH] gitlab: An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.
Scope: local
sid: resolved
debian
CVE-2020-7979 | LOW | CVSS 5.3 | 2020
CVE-2020-7979 [MEDIUM] gitlab: GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
Scope: local
sid: resolved
debian
CVE-2020-13269 | LOW | CVSS 6.1 | 2020
CVE-2020-13269 [MEDIUM] gitlab: A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary JavaScript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1
Scope: local
sid: resolved
debian
CVE-2020-13352 | LOW | CVSS 3.7 | fixed in gitlab 13.3.9-1 (sid) | 2020
CVE-2020-13352 [LOW] gitlab: Private group info is leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, =13.4, =13.5, <13.5.2.
Scope: local
sid: resolved (fixed in 13.3.9-1)
debian
CVE-2020-13285 | LOW | CVSS 7.3 | 2020
CVE-2020-13285 [HIGH] gitlab: For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip.
Scope: local
sid: resolved
debian
CVE-2020-13265 | LOW | CVSS 4.3 | 2020
CVE-2020-13265 [MEDIUM] gitlab: User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification
Scope: local
sid: resolved
debian
CVE-2020-7978 | LOW | CVSS 7.5 | 2020
CVE-2020-7978 [HIGH] gitlab: GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.
Scope: local
sid: resolved
debian