CVE-2020-13289Missing Authentication for Critical Function in Gitlab

CWE-306Missing Authentication for Critical Function5 documents5 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 62.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GitlabDebian Gitlab
Timeline
PublishedSep 14
Latest updateMay 24

Description

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages4 packages

NVDgitlab/gitlab13.1.013.1.10+2
debiandebian/gitlab< gitlab 13.2.8-1 (sid)
CVEListV5gitlab/gitlab>=13.2, <13.2.8, >=13.3, <13.3.4, >=8.7, <13.1.10+2
gitlabgitlab/gitlab

🔴Vulnerability Details

2
GHSA
GHSA-q7qw-4c2f-p3rj: A vulnerability was discovered in GitLab versions before 132022-05-24
OSV
CVE-2020-13289: A vulnerability was discovered in GitLab versions before 132020-09-14

📋Vendor Advisories

2
GitLab
CVE-2020-13289: A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA i2020-09-14
Debian
CVE-2020-13289: gitlab - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13....2020