CVE-2020-13296 — Missing Authorization in Gitlab

CWE-862 — Missing Authorization5 documents5 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 44.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedSep 30

Latest updateMay 24

Description

An issue has been discovered in GitLab affecting versions >=10.7 =13.1.0 =13.2.0 <13.2.6. Improper Access Control for Deploy Tokens

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDgitlab/gitlab13.0.0 — 13.0.14+3

▶debiandebian/gitlab< gitlab 13.2.6-1 (sid)

▶CVEListV5gitlab/gitlab>=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6+2

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-fm8v-3mq9-h889: An issue has been discovered in GitLab affecting versions >=10↗2022-05-24

▶

OSV

CVE-2020-13296: An issue has been discovered in GitLab affecting versions >=10↗2020-09-30

▶

📋Vendor Advisories

GitLab

CVE-2020-13296: An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Toke↗2020-09-30

▶

Debian

CVE-2020-13296: gitlab - An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13....↗2020

▶