CVE-2020-10088 — Improper Privilege Management in Gitlab

CWE-269 — Improper Privilege Management CWE-732 — Incorrect Permission Assignment6 documents5 sources

Severity

8.1HIGHNVD

EPSS

0.0%

top 84.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedMar 13

Latest updateMay 24

Description

GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

▶NVDgitlab/gitlab12.5.0 — 12.8.1

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-q5jf-8f55-j92v: GitLab 12↗2022-05-24

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Applications Risk Matrix: Security (Tika) — CVE-2019-10088↗2020-04-15

▶

GitLab

CVE-2020-10088: GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorr↗2020-03-13

▶

Oracle

Oracle Oracle Construction and Engineering Risk Matrix: Core (Apache Tika) — CVE-2019-10088↗2020-01-15

▶

Debian

CVE-2020-10088: gitlab - GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular gro...↗2020

▶