CVE Vulnerabilities

CVE-2020-13318

Published: Sep 14, 2020 | Modified: Jul 21, 2021
CVSS 3.x
7.3
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CVSS 2.x
4.9 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLabs EKS integration was vulnerable to a cross-account assume role attack.

Affected Software

Name Vendor Start Version End Version
Gitlab Gitlab 13.0.0 (including) 13.0.12 (excluding)
Gitlab Gitlab 13.1.0 (including) 13.1.10 (excluding)
Gitlab Gitlab 13.2.0 (including) 13.2.8 (excluding)
Gitlab Gitlab 13.3.0 (including) 13.3.4 (excluding)
Gitlab Ubuntu esm-apps/xenial *
Gitlab Ubuntu upstream *
Gitlab Ubuntu xenial *

References