CVE-2020-10083 — Improper Preservation of Permissions in Gitlab

CWE-281 — Improper Preservation of Permissions4 documents4 sources

Severity

9.1CRITICALNVD

EPSS

0.1%

top 83.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedMar 13

Latest updateMay 24

Description

GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

▶NVDgitlab/gitlab12.7.0 — 12.8.1

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-785p-hcfx-v324: GitLab 12↗2022-05-24

▶

📋Vendor Advisories

GitLab

CVE-2020-10083: GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.↗2020-03-13

▶

Debian

CVE-2020-10083: gitlab - GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions in...↗2020

▶