Lucene search

[email protected]CVE-2020-10088

HistoryMar 13, 2020 - 5:15 p.m.

CVE-2020-10088

2020-03-1317:15:12

CWE-269

[email protected]

web.nvd.nist.gov

gitlab

security

permissions

vulnerability

cve-2020-10088

nvd

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.6%

JSON

GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level.

Affected configurations

NVD

Node

gitlabgitlabRange12.5.0–12.8.1community

gitlabgitlabRange12.5.0–12.8.1enterprise

CPENameOperatorVersion
gitlab:gitlabgitlable12.8.1

CPE	Name	Operator	Version
gitlab:gitlab	gitlab	le	12.8.1

References

about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/

about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.6%

JSON

Related for CVE-2020-10088

osv2 prion1 cvelist1 nvd1 debiancve1 ubuntucve1