GitLab Enterprise Edition up to 13.0.1 Project Maintainer Impersonation privileges management


A vulnerability was found in GitLab Enterprise Edition up to 13.0.1 (Bug Tracking Software) and has been declared critical. It affects an unknown code block of the component Project Maintainer Handler. No information about possible countermeasures is known; replacing the affected object with an alternative product may be suggested.

Timeline

Analyzing the timeline helps to identify the required approach to and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

[Charts: User, Field, Commit Conf, Approve Conf]

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10561539 | 10/26/2020 | VulD... | cve_cna | GitLab Inc. | nvd.nist.gov | 10/26/2020 | accepted | 70 |
| 10561538 | 10/26/2020 | VulD... | confirm_url | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13263.json | cve.mitre.org | 10/26/2020 | accepted | 70 |
| 10189736 | 06/21/2020 | VulD... | cwe | 269 (privilege escalation) | | 06/21/2020 | accepted | 90 |
| 10189735 | 06/21/2020 | VulD... | cve_nvd_summary | An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | mitre.org | 06/21/2020 | accepted | 100 |
| 10189734 | 06/21/2020 | VulD... | cve_assigned | 1590019200 | mitre.org | 06/21/2020 | accepted | 100 |
| 10189728 | 06/21/2020 | VulD... | cvss3_nvd_a | H | nist.gov | 06/21/2020 | accepted | 100 |
| 10189727 | 06/21/2020 | VulD... | cvss3_nvd_i | H | nist.gov | 06/21/2020 | accepted | 100 |
| 10189726 | 06/21/2020 | VulD... | cvss3_nvd_c | H | nist.gov | 06/21/2020 | accepted | 100 |
| 10189725 | 06/21/2020 | VulD... | cvss3_nvd_s | U | nist.gov | 06/21/2020 | accepted | 100 |
| 10189724 | 06/21/2020 | VulD... | cvss3_nvd_ui | N | nist.gov | 06/21/2020 | accepted | 100 |
| 10189723 | 06/21/2020 | VulD... | cvss3_nvd_pr | L | nist.gov | 06/21/2020 | accepted | 100 |
| 10189722 | 06/21/2020 | VulD... | cvss3_nvd_ac | H | nist.gov | 06/21/2020 | accepted | 100 |
| 10189721 | 06/21/2020 | VulD... | cvss3_nvd_av | N | nist.gov | 06/21/2020 | accepted | 100 |
| 10189695 | 06/21/2020 | VulD... | type | Bug Tracking Software | | 06/21/2020 | accepted | 100 |
| 10189744 | 06/21/2020 | VulD... | cvss3_nvd_basescore | 7.5 | nist.gov | 06/21/2020 | accepted | 90 |
| 10189743 | 06/21/2020 | VulD... | cvss3_vuldb_rc | X | | 06/21/2020 | accepted | 90 |
| 10189742 | 06/21/2020 | VulD... | cvss3_vuldb_rl | X | | 06/21/2020 | accepted | 90 |
| 10189741 | 06/21/2020 | VulD... | cvss3_vuldb_e | X | | 06/21/2020 | accepted | 90 |
| 10189740 | 06/21/2020 | VulD... | cvss2_vuldb_rc | ND | | 06/21/2020 | accepted | 90 |
| 10189739 | 06/21/2020 | VulD... | cvss2_vuldb_rl | ND | | 06/21/2020 | accepted | 90 |
