CVE Vulnerabilities

CVE-2020-13321

Published: Sep 30, 2020 | Modified: Oct 02, 2020
CVSS 3.x: 8.3 HIGH
Source: NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
CVSS 2.x: 6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu: MEDIUM

A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed, allowing HTML tags to be added.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gitlab | Gitlab | * | 12.10.13 (excluding) |
| Gitlab | Gitlab | 13.0.0 (including) | 13.0.8 (excluding) |
| Gitlab | Gitlab | 13.1.0 (including) | 13.1.2 (excluding) |
| Gitlab | Ubuntu | esm-apps/xenial | * |
| Gitlab | Ubuntu | xenial | * |

References