{"vulnerability": "CVE-2020-1334", "sightings": [{"uuid": "83efe209-9fd3-4a74-80c1-b1b2788ca320", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13348", "type": "seen", "source": "https://t.me/cibsecurity/16474", "content": "\u203c CVE-2020-13348 \u203c\n\nAn issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-17T22:39:29.000000Z"}, {"uuid": "4e4aff39-f97b-4fb7-b595-a16b8f3ae775", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13348", "type": "seen", "source": "https://t.me/cibsecurity/17358", "content": "\u203c CVE-2020-13348 \u203c\n\nAn issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T04:25:21.000000Z"}, {"uuid": "a03e7461-2b61-41cf-9a4b-c3ba7ac176fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13346", "type": "seen", "source": "https://t.me/cibsecurity/15111", "content": "\u203c CVE-2020-13346 \u203c\n\nMembership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-07T18:28:21.000000Z"}, {"uuid": "8e1402bb-7d17-4867-8f65-729b46833d70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13349", "type": "seen", "source": "https://t.me/cibsecurity/17352", "content": "\u203c CVE-2020-13349 \u203c\n\nAn issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T04:25:15.000000Z"}, {"uuid": "aba8010a-e2ac-4f0c-a264-fdd418e83049", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13344", "type": "seen", "source": "https://t.me/cibsecurity/15153", "content": "\u203c CVE-2020-13344 \u203c\n\nAn issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redis\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-08T18:30:54.000000Z"}, {"uuid": "d347b4ec-9011-4b6f-ac07-8593d9c934fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13349", "type": "seen", "source": "https://t.me/cibsecurity/16468", "content": "\u203c CVE-2020-13349 \u203c\n\nAn issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-17T22:39:22.000000Z"}]}