GitLab Enterprise Edition up to 13.0.1 Group Email Address privileges management


A vulnerability has been found in GitLab Enterprise Edition up to 13.0.1 (Bug Tracking Software) and classified as critical. Affected by this vulnerability is unknown code in the component Group Handler. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

| Field | 06/21/2020 10:37 AM | 10/26/2020 09:30 AM | 10/26/2020 09:37 AM |
|---|---|---|---|
| vendor | GitLab | GitLab | GitLab |
| name | Enterprise Edition | Enterprise Edition | Enterprise Edition |
| version | <=13.0.1 | <=13.0.1 | <=13.0.1 |
| component | Group Handler | Group Handler | Group Handler |
| input_type | Email Address | Email Address | Email Address |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 4.6 | 4.6 | 4.6 |
| cvss2_vuldb_tempscore | 4.6 | 4.6 | 4.6 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | H | H | H |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 6.7 | 6.7 | 6.7 |
| cvss3_meta_tempscore | 6.7 | 6.7 | 6.7 |
| cvss3_vuldb_basescore | 5.5 | 5.5 | 5.5 |
| cvss3_vuldb_tempscore | 5.5 | 5.5 | 5.5 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | H | H | H |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | C | C | C |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| date | 1592524800 (06/19/2020) | 1592524800 (06/19/2020) | 1592524800 (06/19/2020) |
| url | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13275.json | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13275.json | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13275.json |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve | CVE-2020-13275 | CVE-2020-13275 | CVE-2020-13275 |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| cvss3_nvd_basescore | 8.0 | 8.0 | 8.0 |
| type | Bug Tracking Software | Bug Tracking Software | Bug Tracking Software |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | H | H | H |
| cvss3_nvd_pr | L | L | L |
| cvss3_nvd_ui | R | R | R |
| cvss3_nvd_s | C | C | C |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | H | H | H |
| cvss3_nvd_a | H | H | H |
| cve_assigned | 1590019200 | 1590019200 | 1590019200 |
| cve_nvd_summary | A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 | A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 |
| cwe | 269 (privilege escalation) | 269 (privilege escalation) | 269 (privilege escalation) |

confirm_url: https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13275.json https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13275.json
cve_cna: GitLab Inc.
