CVE-2020-35236

2020-12-1405:15:10

Google

osv.dev

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.0%

JSON

The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion.

CPENameOperatorVersion
lagooneq0.22.0
lagooneq1.12.2
lagooneq0.18.3
lagooneq0.20.1
lagooneq0.9.0
lagooneq1.11.0
lagooneq0.15.1
lagooneq0.15.0
lagooneq0.19.1
lagooneq1.0.2

Name	Operator	Version
lagoon	eq	0.22.0
lagoon	eq	1.12.2
lagoon	eq	0.18.3
lagoon	eq	0.20.1
lagoon	eq	0.9.0
lagoon	eq	1.11.0
lagoon	eq	0.15.1
lagoon	eq	0.15.0
lagoon	eq	0.19.1
lagoon	eq	1.0.2

Rows per page:

1-10 of 661

References

github.com/amazeeio/lagoon/commit/1140289bf9fa98b8602ab4662ae867b210d8476b

github.com/amazeeio/lagoon/compare/v1.12.2...v1.12.3

github.com/amazeeio/lagoon/tree/master/services/webhook-handler

github.com/amazeeio/lagoon/tree/master/services/webhooks2tasks