Overview :
Multiple vulnerabilities reported in GitLab EE
Affected Product(s) :
  • Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
  • Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
Vulnerability Details :
CVE ID : CVE-2020-13348
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
CVE ID : CVE-2020-13349
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

Solution :

This vulnerability is currently awaiting analysis.