5 matches found
CVE-2020-13359
The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are =12.10, =13.4, =13.5, 13.5.2...
GitLab 12.10 < 13.3.9 / 13.4 < 13.4.5 / 13.5 < 13.5.2 (CVE-2020-13359)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and oth...
CVE-2020-13359
creationtimestamp| type| source ---|---|--- 2020-12-09 06:25:30+00:00| seen| https://t.me/cibsecurity/17405...
CVE-2020-13359
The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are =12.10, =13.4, =13.5, 13.5.2...
CVE-2020-13359
CVE-2020-13359 affects GitLab CE/EE with the Terraform API in 12.10+ where the object storage signed URL is exposed on the delete operation. This allows a malicious project maintainer to overwrite the Terraform state and bypass audit/business controls. Affected versions are >=12.10, =13.4, =13...