CVE-2020-10079
Published: 2020-03-13
Priority P4 · 28 · medium · 5.3 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.86% (54.0th percentile)
GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 12.6.8-3 (sid) | gitlab 12.6.8-3 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | 7.10.0 – 12.8.1 | — |
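CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| osv | — | 5.3 | MEDIUM | — |
| vendor_debian | — | 5.3 | MEDIUM | — |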
GitLab
vendor_gitlab·2020-03-13·CVSS 5.3
CVE-2020-10079 [MEDIUM] CWE-306
Debian
vendor_debian·2020·CVSS 5.3
CVE-2020-10079 [MEDIUM]
Scope: local
sid: resolved (fixed in 12.6.8-3)
GHSA
GHSA-3jmg-94rq-h4hm
ghsa_unreviewed·2022-05-24
CVE-2020-10079 [MEDIUM]
OSV
osv·2020-03-13·CVSS 5.3
CVE-2020-10079 [MEDIUM]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
Published: 2020-03-13