CVE-2020-13294 — Gitlab vulnerability

5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.3%

top 49.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedAug 10

Latest updateMay 24

Description

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

▶NVDgitlab/gitlab7.7.0 — 13.0.12+2

▶debiandebian/gitlab< gitlab 13.2.3-2 (sid)

▶CVEListV5gitlab/gitlab>=13.1, <13.1.6, >=13.2, <13.2.3, >=7.7, <13.0.12+2

GHSA

GHSA-22mg-qg4r-wh4q: In GitLab before 13↗2022-05-24

▶

OSV

CVE-2020-13294: In GitLab before 13↗2020-08-10

▶

GitLab

CVE-2020-13294: In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.↗2020-08-10

▶

Debian

CVE-2020-13294: gitlab - In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when...↗2020

▶