CVE-2020-13290 — Improper Authentication in Gitlab

Severity

7.2HIGHNVD

EPSS

0.2%

top 60.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedAug 12

Latest updateMay 24

Description

In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

▶NVDgitlab/gitlab8.4.0 — 13.0.12+2

▶debiandebian/gitlab< gitlab 13.2.3-2 (sid)

▶CVEListV5gitlab/gitlab>=13.1, <13.1.6, >=13.2, <13.2.3, >=8.4, <13.0.12+2

GHSA

GHSA-2fmv-g8v2-32hj: In GitLab before 13↗2022-05-24

▶

OSV

CVE-2020-13290: In GitLab before 13↗2020-08-12

▶

GitLab

CVE-2020-13290: In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page↗2020-08-12

▶

Debian

CVE-2020-13290: gitlab - In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used o...↗2020

▶