Lucene search

GitLabCVELIST:CVE-2020-13266

HistoryJun 09, 2020 - 3:34 p.m.

CVE-2020-13266

2020-06-0915:34:39

GitLab

www.cve.org

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users’ deploy keys under certain conditions

CNA Affected

[
  {
    "product": "GitLab",
    "vendor": "GitLab",
    "versions": [
      {
        "status": "affected",
        "version": ">=12.8, <12.9.8"
      },
      {
        "status": "affected",
        "version": ">=12.10, <12.10.7"
      },
      {
        "status": "affected",
        "version": ">=13.0, <13.0.1"
      }
    ]
  }
]

References

gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13266.json

gitlab.com/gitlab-org/gitlab/-/issues/208449

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

Related for CVELIST:CVE-2020-13266