GitLab Community Edition/Enterprise Edition up to 13.0.1 Email Verification privileges management

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as critical has been found in GitLab Community Edition and Enterprise Edition up to 13.0.1 (Bug Tracking Software). This affects an unknown function of the component Email Verification. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field	06/21/2020 09:43 AM	10/26/2020 08:46 AM	10/26/2020 08:50 AM
date	1592524800 (06/19/2020)	1592524800 (06/19/2020)	1592524800 (06/19/2020)
url	https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13265.json	https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13265.json	https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13265.json
price_0day	$0-$5k	$0-$5k	$0-$5k
cve	CVE-2020-13265	CVE-2020-13265	CVE-2020-13265
seealso	157062 157061 157060 157058 157056 157055	157062 157061 157060 157058 157056 157055	157062 157061 157060 157058 157056 157055
location	Website	Website	Website
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss3_vuldb_rc	X	X	X
cvss3_nvd_basescore	4.3	4.3	4.3
vendor	GitLab	GitLab	GitLab
name	Community Edition/Enterprise Edition	Community Edition/Enterprise Edition	Community Edition/Enterprise Edition
version	<=13.0.1	<=13.0.1	<=13.0.1
component	Email Verification	Email Verification	Email Verification
risk	2	2	2
cvss2_vuldb_basescore	6.8	6.8	6.8
cvss2_vuldb_tempscore	6.8	6.8	6.8
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss3_meta_basescore	5.3	5.3	5.3
cvss3_meta_tempscore	5.3	5.3	5.3
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.3	6.3	6.3
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_nvd_ui	R	R	R
cvss3_nvd_s	U	U	U
cvss3_nvd_c	N	N	N
cvss3_nvd_i	L	L	L
cvss3_nvd_a	N	N	N
cve_assigned	1590019200	1590019200	1590019200
cve_nvd_summary	User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification	User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification	User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification
cwe	269 (privilege escalation)	269 (privilege escalation)	269 (privilege escalation)
type	Bug Tracking Software	Bug Tracking Software	Bug Tracking Software
cvss3_nvd_av	N	N	N
cvss3_nvd_ac	L	L	L
cvss3_nvd_pr	N	N	N
confirm_url		https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13265.json	https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13265.json
cve_cna			GitLab Inc.

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!