CVE-2020-10952Incorrect Authorization in Gitlab

CWE-863Incorrect Authorization4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 78.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian GitlabGitlabGitlab EE
Timeline
PublishedMar 27
Latest updateMay 24

Description

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages4 packages

debiandebian/gitlab< gitlab 13.2.3-2 (sid)
NVDgitlab/gitlab8.11.012.9.1
gitlabgitlab/gitlab

🔴Vulnerability Details

1
GHSA
GHSA-mxch-5ff5-jp4w: GitLab EE/CE 82022-05-24

📋Vendor Advisories

2
GitLab
CVE-2020-10952: GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.2020-03-27
Debian
CVE-2020-10952: gitlab - GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images...2020