CVE-2020-13263 — Incorrect Authorization in Gitlab

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 58.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab EE

Timeline

PublishedJun 19

Latest updateMay 24

Description

An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶NVDgitlab/gitlab9.5.0 — 12.9.8+2

▶CVEListV5gitlab/gitlab>=12.10, <12.10.7, >=13.0, <13.0.1, >=9.5, <12.9.8+2

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ee

🔴Vulnerability Details

GHSA

GHSA-4h9q-f95v-pf5f: An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9↗2022-05-24

▶

📋Vendor Advisories

GitLab

CVE-2020-13263: An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthor↗2020-06-19

▶

Debian

CVE-2020-13263: gitlab - An authorization issue relating to project maintainer impersonation was identifi...↗2020

▶