Multiple vulnerabilities reported in GitLab EE

Share on facebook
Share on google
Share on twitter
Share on linkedin
Overview :
Multiple vulnerabilities reported in GitLab EE
Affected Product(s) :
  • Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
  • Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
Vulnerability Details :
CVE ID : CVE-2020-13348
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
CVE ID : CVE-2020-13349
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

Solution :

This vulnerability is currently awaiting analysis.

 

Recent Posts

Follow Us

Web Application Firewall Solution

Sign up for our Newsletter

Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit