聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2020-13294 | In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. | 4.2 | 1.22% | 2020-08-10 | 2026-06-16 |
| CVE-2020-13295 | For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. | 5.4 | 1.16% | 2020-08-10 | 2026-06-16 |
| CVE-2020-13278 | Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request. | 6.1 | 1.43% | 2020-08-12 | 2026-06-16 |
| CVE-2020-13288 | In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page | 5.5 | 4.04% | 2020-08-12 | 2026-06-16 |
| CVE-2020-13290 | In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page | 7.5 | 1.11% | 2020-08-12 | 2026-06-16 |
| CVE-2020-13291 | In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. | 8.1 | 0.96% | 2020-08-12 | 2026-06-16 |
| CVE-2020-13280 | For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. | 6.5 | 1.05% | 2020-08-13 | 2026-06-16 |
| CVE-2020-13282 | For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. | 3.1 | 0.68% | 2020-08-13 | 2026-06-16 |
| CVE-2020-13283 | For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title. | 7.3 | 0.85% | 2020-08-13 | 2026-06-16 |
| CVE-2020-13285 | For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip. | 7.3 | 1.01% | 2020-08-13 | 2026-06-16 |
| CVE-2020-13281 | For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature | 6.5 | 1.33% | 2020-08-13 | 2026-06-16 |
| CVE-2020-13286 | For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery. | 6.4 | 0.74% | 2020-08-13 | 2026-06-16 |
| CVE-2020-13284 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token | 6.5 | 1.09% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13287 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues | 4.3 | 1.21% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13289 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated. | 5.4 | 0.69% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13299 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session. | 8.1 | 1.23% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13300 | GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. | 8.0 | 1.29% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13316 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository be accessible via a git command line. | 5.4 | 1.42% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13318 | A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack. | 6.4 | 0.98% | 2020-09-14 | 2026-06-16 |
| CVE-2020-13311 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface. | 4.3 | 1.50% | 2020-09-14 | 2026-06-16 |