Lucene search

K
nvd[email protected]NVD:CVE-2020-13313
HistorySep 14, 2020 - 8:15 p.m.

CVE-2020-13313

2020-09-1420:15:11
CWE-863
web.nvd.nist.gov

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

29.6%

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control.

Affected configurations

NVD
Node
gitlabgitlabRange13.1.013.1.10community
OR
gitlabgitlabRange13.1.013.1.10enterprise
OR
gitlabgitlabRange13.2.013.2.8community
OR
gitlabgitlabRange13.2.013.2.8enterprise
OR
gitlabgitlabRange13.3.013.3.4community
OR
gitlabgitlabRange13.3.013.3.4enterprise

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

29.6%