CVE-2020-13346

EPSS 0.13%
Veröffentlicht 07.10.2020 14:15:11
Zuletzt bearbeitet 21.11.2024 05:01:05
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ Gitlab SwEditioncommunity Version >= 11.2.0 < 13.2.10

Gitlab ≫ Gitlab SwEditionenterprise Version >= 11.2.0 < 13.2.10

Gitlab ≫ Gitlab SwEditioncommunity Version >= 13.3.0 < 13.3.7

Gitlab ≫ Gitlab SwEditionenterprise Version >= 13.3.0 < 13.3.7

Gitlab ≫ Gitlab SwEditioncommunity Version >= 13.4.0 < 13.4.2

Gitlab ≫ Gitlab SwEditionenterprise Version >= 13.4.0 < 13.4.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.289

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
cve@gitlab.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-459 Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13346.json

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/219496

Broken Link

https://hackerone.com/reports/880863

Third Party Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2020-13346

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-13346

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-13346

EUVD