GitLab Community Edition/Enterprise Edition up to 13.0.1 Notification privileges management


A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 13.0.1 (Bug Tracking Software) and classified as critical. The issue affects an unknown code block of the Notification Handler component. No countermeasures are known. Replacing the affected product with an alternative may be advisable.

| Field | 06/21/2020 10:37 AM | 10/26/2020 09:45 AM | 10/26/2020 09:47 AM |
|---|---|---|---|
| cve | CVE-2020-13276 | CVE-2020-13276 | CVE-2020-13276 |
| seealso | 157065 157062 157061 157060 | 157065 157062 157061 157060 | 157065 157062 157061 157060 |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| cvss3_nvd_basescore | 7.4 | 7.4 | 7.4 |
| vendor | GitLab | GitLab | GitLab |
| name | Community Edition/Enterprise Edition | Community Edition/Enterprise Edition | Community Edition/Enterprise Edition |
| version | <=13.0.1 | <=13.0.1 | <=13.0.1 |
| component | Notification Handler | Notification Handler | Notification Handler |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.0 | 6.0 | 6.0 |
| cvss2_vuldb_tempscore | 6.0 | 6.0 | 6.0 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 7.4 | 7.4 | 7.4 |
| cvss3_meta_tempscore | 7.4 | 7.4 | 7.4 |
| cvss3_vuldb_basescore | 7.4 | 7.4 | 7.4 |
| cvss3_vuldb_tempscore | 7.4 | 7.4 | 7.4 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | C | C | C |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| date | 1592524800 (06/19/2020) | 1592524800 (06/19/2020) | 1592524800 (06/19/2020) |
| url | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13276.json | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13276.json | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13276.json |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | 1590019200 | 1590019200 | 1590019200 |
| cve_nvd_summary | User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 |
| cwe | 269 (privilege escalation) | 269 (privilege escalation) | 269 (privilege escalation) |
| type | Bug Tracking Software | Bug Tracking Software | Bug Tracking Software |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | L | L | L |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | C | C | C |
| cvss3_nvd_c | L | L | L |
| cvss3_nvd_i | L | L | L |
| cvss3_nvd_a | L | L | L |
| confirm_url | | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13276.json | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13276.json |
| cve_cna | | | GitLab Inc. |
