GitLab Community Edition/Enterprise Edition up to 13.0.1 Mermaid Payload PUT Request privileges management


A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 13.0.1 (Bug Tracking Software). It has been classified as critical. An unknown code path in the Mermaid Payload Handler component is affected. No information about possible countermeasures is known. Replacing the affected object with an alternative product may be suggested.

Timeline

Analysing the timeline helps determine the appropriate approach to handling single vulnerabilities and vulnerability collections. The overview shows less important periods and more severe hotspots at a glance, making it possible to initiate immediate vulnerability response and to prioritize issues.


ID | Committed | User | Field | Change | Remarks | Moderated | Reason | Confidence
---------|------------|---------|---------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------|------------|----------|-----------
10561537 | 10/26/2020 | VulD... | cve_cna | GitLab Inc. | nvd.nist.gov | 10/26/2020 | accepted | 70
10561536 | 10/26/2020 | VulD... | confirm_url | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13262.json | cve.mitre.org | 10/26/2020 | accepted | 70
10189686 | 06/21/2020 | VulD... | cwe | 269 (privilege escalation) | | 06/21/2020 | accepted | 90
10189684 | 06/21/2020 | VulD... | cve_nvd_summary | Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link | mitre.org | 06/21/2020 | accepted | 100
10189683 | 06/21/2020 | VulD... | cve_assigned | 1590019200 | mitre.org | 06/21/2020 | accepted | 100
10189678 | 06/21/2020 | VulD... | cvss3_nvd_a | N | nist.gov | 06/21/2020 | accepted | 100
10189677 | 06/21/2020 | VulD... | cvss3_nvd_i | L | nist.gov | 06/21/2020 | accepted | 100
10189676 | 06/21/2020 | VulD... | cvss3_nvd_c | L | nist.gov | 06/21/2020 | accepted | 100
10189675 | 06/21/2020 | VulD... | cvss3_nvd_s | C | nist.gov | 06/21/2020 | accepted | 100
10189674 | 06/21/2020 | VulD... | cvss3_nvd_ui | R | nist.gov | 06/21/2020 | accepted | 100
10189673 | 06/21/2020 | VulD... | cvss3_nvd_pr | N | nist.gov | 06/21/2020 | accepted | 100
10189672 | 06/21/2020 | VulD... | cvss3_nvd_ac | L | nist.gov | 06/21/2020 | accepted | 100
10189671 | 06/21/2020 | VulD... | cvss3_nvd_av | N | nist.gov | 06/21/2020 | accepted | 100
10189644 | 06/21/2020 | VulD... | type | Bug Tracking Software | | 06/21/2020 | accepted | 100
10189694 | 06/21/2020 | VulD... | cvss3_nvd_basescore | 6.1 | nist.gov | 06/21/2020 | accepted | 90
10189693 | 06/21/2020 | VulD... | cvss3_vuldb_rc | X | | 06/21/2020 | accepted | 90
10189692 | 06/21/2020 | VulD... | cvss3_vuldb_rl | X | | 06/21/2020 | accepted | 90
10189691 | 06/21/2020 | VulD... | cvss3_vuldb_e | X | | 06/21/2020 | accepted | 90
10189690 | 06/21/2020 | VulD... | cvss2_vuldb_rc | ND | | 06/21/2020 | accepted | 90
10189689 | 06/21/2020 | VulD... | cvss2_vuldb_rl | ND | | 06/21/2020 | accepted | 90
