CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 2140 / 1528
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2020-13281 For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature 6.5 1.33% 2020-08-13 2026-06-16
CVE-2020-13282 For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. 3.1 0.68% 2020-08-13 2026-06-16
CVE-2020-13283 For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title. 7.3 0.85% 2020-08-13 2026-06-16
CVE-2020-13284 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token 6.5 1.09% 2020-09-14 2026-06-16
CVE-2020-13285 For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip. 7.3 1.01% 2020-08-13 2026-06-16
CVE-2020-13286 For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery. 6.4 0.74% 2020-08-13 2026-06-16
CVE-2020-13287 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues 4.3 1.21% 2020-09-14 2026-06-16
CVE-2020-13288 In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page 5.5 4.04% 2020-08-12 2026-06-16
CVE-2020-13289 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated. 5.4 0.69% 2020-09-14 2026-06-16
CVE-2020-13290 In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page 7.5 1.11% 2020-08-12 2026-06-16
CVE-2020-13291 In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. 8.1 0.96% 2020-08-12 2026-06-16
CVE-2020-13292 In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. 9.6 1.00% 2020-08-10 2026-06-16
CVE-2020-13293 In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. 6.3 1.04% 2020-08-10 2026-06-16
CVE-2020-13294 In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. 4.2 1.22% 2020-08-10 2026-06-16
CVE-2020-13295 For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. 5.4 1.16% 2020-08-10 2026-06-16
CVE-2020-13296 An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens 6.5 1.58% 2020-09-30 2026-06-16
CVE-2020-13297 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint. 3.8 1.03% 2020-09-14 2026-06-16
CVE-2020-13298 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in the limited files disclosure. 7.2 1.24% 2020-09-14 2026-06-16
CVE-2020-13299 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session. 8.1 1.23% 2020-09-14 2026-06-16
CVE-2020-13300 GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. 8.0 1.29% 2020-09-14 2026-06-16
cvelogic Threat Intelligence