CVE Vulnerabilities

CVE-2020-13290

Improper Authentication

Published: Aug 12, 2020 | Modified: Dec 22, 2021
CVSS 3.x
7.2
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Gitlab Gitlab 13.1.0 *
Gitlab Gitlab 13.2.0 *
Gitlab Gitlab 13.2.0 *
Gitlab Gitlab 13.1.0 *
Gitlab Gitlab 8.4.0 *
Gitlab Gitlab 8.4.0 *

Potential Mitigations

References