CVE-2020-13277 — Incorrect Authorization in Gitlab

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

4.6%

top 10.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Gitlab Gitlab Gitlab CE

Timeline

PublishedJun 19

Latest updateMay 24

Description

An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/gitlab< gitlab 13.2.3-2 (sid)

▶NVDgitlab/gitlab10.6.0 — 13.0.5

▶CVEListV5gitlab/gitlab>=10.6, <12.9.10, >=12.10, <12.10.11, >=13.0, <13.0.6+2

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-23r2-7xm3-g75g: An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10↗2022-05-24

▶

📋Vendor Advisories

GitLab

CVE-2020-13277: An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5↗2020-06-19

▶

Debian

CVE-2020-13277: gitlab - An authorization issue in the mirroring logic allowed read access to private rep...↗2020

▶