GitLab 13.0.0 Community Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:13.0.0:*:*:*:community:*:*:*
part: a version: 13.0.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | community |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.109796 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-3399 |
vulnerable | 2026-06-03 14:52:40.731517 |
Insertion of Sensitive Information Into Sent Data in GitLab
HIGH (8.5)
An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates.
Published: 2023-11-06T12:08:54.970Z
Updated: 2025-11-20T04:07:28.274Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39897 |
vulnerable | 2026-06-03 14:45:09.837961 |
Details available
LOW (2.6)
Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred
Published: 2021-11-04T23:07:04.000Z
Updated: 2024-08-04T02:20:33.759Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13276 |
vulnerable | 2026-06-03 14:41:36.507270 |
Details available
HIGH (7.4)
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1
Published: 2020-06-19T21:37:54.000Z
Updated: 2024-08-04T12:11:19.431Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13275 |
vulnerable | 2026-06-03 14:41:36.506829 |
Details available
HIGH (8)
A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1
Published: 2020-06-19T21:55:32.000Z
Updated: 2024-08-04T12:11:19.491Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13274 |
vulnerable | 2026-06-03 14:41:36.506393 |
Details available
HIGH (7.5)
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1
Published: 2020-06-19T21:53:45.000Z
Updated: 2024-08-04T12:11:19.491Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13272 |
vulnerable | 2026-06-03 14:41:36.505581 |
Details available
HIGH (7.5)
OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow
Published: 2020-06-19T21:40:04.000Z
Updated: 2024-08-04T12:11:19.447Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13265 |
vulnerable | 2026-06-03 14:41:36.502748 |
Details available
MEDIUM (4.3)
User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification
Published: 2020-06-19T21:42:04.000Z
Updated: 2024-08-04T12:11:19.478Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13264 |
vulnerable | 2026-06-03 14:41:36.502302 |
Details available
MEDIUM (5.3)
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token
Published: 2020-06-19T22:13:52.000Z
Updated: 2024-08-04T12:11:19.466Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13263 |
vulnerable | 2026-06-03 14:41:36.501854 |
Details available
HIGH (7.5)
An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.
Published: 2020-06-19T22:15:37.000Z
Updated: 2024-08-04T12:11:19.416Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13262 |
vulnerable | 2026-06-03 14:41:36.501386 |
Details available
MEDIUM (6.1)
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link
Published: 2020-06-19T21:59:20.000Z
Updated: 2024-08-04T12:11:19.462Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13261 |
vulnerable | 2026-06-03 14:41:36.500245 |
Details available
MEDIUM (5.3)
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code
Published: 2020-06-19T22:11:59.000Z
Updated: 2024-08-04T12:11:19.551Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.