CVE-2020-13265Insufficient Verification of Data Authenticity in Gitlab

CWE-345Insufficient Verification of Data Authenticity4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 69.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GitlabDebian GitlabGitlab CE
Timeline
PublishedJun 19
Latest updateMay 24

Description

User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

NVDgitlab/gitlab12.5.012.9.8+2
CVEListV5gitlab/gitlab>=12.10, <12.10.7, >=12.5, <12.9.8, >=13.0, <13.0.1+2
debiandebian/gitlab
gitlabgitlab/gitlab

🔴Vulnerability Details

1
GHSA
GHSA-qcrv-74q6-jcj4: User email verification bypass in GitLab CE/EE 122022-05-24

📋Vendor Advisories

2
GitLab
CVE-2020-13265: User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification2020-06-19
Debian
CVE-2020-13265: gitlab - User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 all...2020