Search...

CVE-2020-13335

2020-10-07T14:15:00

ID CVE-2020-13335
Type cve
Reporter cve@mitre.org
Modified 2020-10-20T16:50:00

Description

Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group.

JSON Vulners Source

Initial Source

{"lastseen": "2020-10-21T11:10:16", "references": ["https://hackerone.com/reports/503823", "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13335.json", "https://gitlab.com/gitlab-org/gitlab/-/issues/27231"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:13.2.10:*:*:*:enterprise:*:*:*", "versionEndExcluding": "13.2.10", "versionStartIncluding": "7.12.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:13.3.7:*:*:*:community:*:*:*", "versionEndExcluding": "13.3.7", "versionStartIncluding": "13.3.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:13.4.2:*:*:*:community:*:*:*", "versionEndExcluding": "13.4.2", "versionStartIncluding": "13.4.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:13.2.10:*:*:*:community:*:*:*", "versionEndExcluding": "13.2.10", "versionStartIncluding": "7.12.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:13.3.7:*:*:*:enterprise:*:*:*", "versionEndExcluding": "13.3.7", "versionStartIncluding": "13.3.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gitlab:gitlab:13.4.2:*:*:*:enterprise:*:*:*", "versionEndExcluding": "13.4.2", "versionStartIncluding": "13.4.0", "vulnerable": true}], "operator": "OR"}]}, "scheme": null, "description": "Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group.", "edition": 2, "title": "CVE-2020-13335", "type": "cve", "bulletinFamily": "NVD", "affectedConfiguration": [], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvelist": ["CVE-2020-13335"], "modified": "2020-10-20T16:50:00", "cpe": [], "id": "CVE-2020-13335", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13335", "viewCount": 10, "reporter": "cve@mitre.org", "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "published": "2020-10-07T14:15:00", "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["FREEBSD_PKG_A3495E61047F11EB86EA001B217B3468.NASL"]}, {"type": "freebsd", "idList": ["A3495E61-047F-11EB-86EA-001B217B3468"]}], "modified": "2020-10-21T11:10:16", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2020-10-21T11:10:16", "rev": 2}, "vulnersScore": 5.2}, "cwe": ["CWE-287"], "affectedSoftware": [{"cpeName": "gitlab:gitlab", "name": "gitlab", "operator": "lt", "version": "13.2.10"}, {"cpeName": "gitlab:gitlab", "name": "gitlab", "operator": "lt", "version": "13.2.10"}, {"cpeName": "gitlab:gitlab", "name": "gitlab", "operator": "lt", "version": "13.3.7"}, {"cpeName": "gitlab:gitlab", "name": "gitlab", "operator": "lt", "version": "13.3.7"}, {"cpeName": "gitlab:gitlab", "name": "gitlab", "operator": "lt", "version": "13.4.2"}, {"cpeName": "gitlab:gitlab", "name": "gitlab", "operator": "lt", "version": "13.4.2"}], "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}, "cpe23": []}

{"nessus": [{"lastseen": "2020-10-20T22:26:51", "description": "Gitlab reports :\n\nPotential Denial Of Service Via Update Release Links API\n\nInsecure Storage of Session Key In Redis\n\nImproper Access Expiration Date Validation\n\nCross-Site Scripting in Multiple Pages\n\nUnauthorized Users Can View Custom Project Template\n\nCross-Site Scripting in SVG Image Preview\n\nIncomplete Handling in Account Deletion\n\nInsufficient Rate Limiting at Re-Sending Confirmation Email\n\nImproper Type Check in GraphQL\n\nTo-dos Are Not Redacted When Membership Changes\n\nGuest users can modify confidentiality attribute\n\nCommand injection on runner host\n\nInsecure Runner Configuration in Kubernetes Environments", "edition": 5, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-10-05T00:00:00", "title": "FreeBSD : Gitlab -- multiple vulnerabilities (a3495e61-047f-11eb-86ea-001b217b3468)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-13333", "CVE-2020-13334", "CVE-2020-13327", "CVE-2020-13332", "CVE-2020-13335"], "modified": "2020-10-05T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:gitlab-ce"], "id": "FREEBSD_PKG_A3495E61047F11EB86EA001B217B3468.NASL", "href": "https://www.tenable.com/plugins/nessus/141148", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141148);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/20\");\n\n script_cve_id(\"CVE-2020-13327\", \"CVE-2020-13332\", \"CVE-2020-13333\", \"CVE-2020-13334\", \"CVE-2020-13335\");\n\n script_name(english:\"FreeBSD : Gitlab -- multiple vulnerabilities (a3495e61-047f-11eb-86ea-001b217b3468)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Gitlab reports :\n\nPotential Denial Of Service Via Update Release Links API\n\nInsecure Storage of Session Key In Redis\n\nImproper Access Expiration Date Validation\n\nCross-Site Scripting in Multiple Pages\n\nUnauthorized Users Can View Custom Project Template\n\nCross-Site Scripting in SVG Image Preview\n\nIncomplete Handling in Account Deletion\n\nInsufficient Rate Limiting at Re-Sending Confirmation Email\n\nImproper Type Check in GraphQL\n\nTo-dos Are Not Redacted When Membership Changes\n\nGuest users can modify confidentiality attribute\n\nCommand injection on runner host\n\nInsecure Runner Configuration in Kubernetes Environments\"\n );\n # https://about.gitlab.com/releases/2020/10/01/security-release-13-4-2-release/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af908d2e\"\n );\n # https://vuxml.freebsd.org/freebsd/a3495e61-047f-11eb-86ea-001b217b3468.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e37a3925\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gitlab-ce\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gitlab-ce>=13.4.0<13.4.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"gitlab-ce>=13.3.0<13.3.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"gitlab-ce>=7.12<13.2.10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2020-10-16T13:01:08", "bulletinFamily": "unix", "cvelist": ["CVE-2020-13333", "CVE-2020-13334", "CVE-2020-13327", "CVE-2020-13332", "CVE-2020-13335"], "description": "\nGitlab reports:\n\nPotential Denial Of Service Via Update Release Links API\nInsecure Storage of Session Key In Redis\nImproper Access Expiration Date Validation\nCross-Site Scripting in Multiple Pages\nUnauthorized Users Can View Custom Project Template\nCross-Site Scripting in SVG Image Preview\nIncomplete Handling in Account Deletion\nInsufficient Rate Limiting at Re-Sending Confirmation Email\nImproper Type Check in GraphQL\nTo-dos Are Not Redacted When Membership Changes\nGuest users can modify confidentiality attribute\nCommand injection on runner host\nInsecure Runner Configuration in Kubernetes Environments\n\n", "edition": 3, "modified": "2020-10-01T00:00:00", "published": "2020-10-01T00:00:00", "id": "A3495E61-047F-11EB-86EA-001B217B3468", "href": "https://vuxml.freebsd.org/freebsd/a3495e61-047f-11eb-86ea-001b217b3468.html", "title": "Gitlab -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}]}