GitLab Community Edition/Enterprise Edition up to 13.0.1 Notification privileges management


A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 13.0.1 (Bug Tracking Software) and classified as critical. Affected by this issue is an unknown code block of the component Notification Handler. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. It makes it possible to initiate an immediate vulnerability response and to prioritize issues.

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10561553 | 10/26/2020 | VulD... | cve_cna | GitLab Inc. | nvd.nist.gov | 10/26/2020 | accepted | 70 |
| 10561552 | 10/26/2020 | VulD... | confirm_url | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13276.json | cve.mitre.org | 10/26/2020 | accepted | 70 |
| 10190084 | 06/21/2020 | VulD... | cwe | 269 (privilege escalation) | | 06/21/2020 | accepted | 90 |
| 10190082 | 06/21/2020 | VulD... | cve_nvd_summary | User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | mitre.org | 06/21/2020 | accepted | 100 |
| 10190081 | 06/21/2020 | VulD... | cve_assigned | 1590019200 | mitre.org | 06/21/2020 | accepted | 100 |
| 10190076 | 06/21/2020 | VulD... | cvss3_nvd_a | L | nist.gov | 06/21/2020 | accepted | 100 |
| 10190075 | 06/21/2020 | VulD... | cvss3_nvd_i | L | nist.gov | 06/21/2020 | accepted | 100 |
| 10190074 | 06/21/2020 | VulD... | cvss3_nvd_c | L | nist.gov | 06/21/2020 | accepted | 100 |
| 10190073 | 06/21/2020 | VulD... | cvss3_nvd_s | C | nist.gov | 06/21/2020 | accepted | 100 |
| 10190072 | 06/21/2020 | VulD... | cvss3_nvd_ui | N | nist.gov | 06/21/2020 | accepted | 100 |
| 10190071 | 06/21/2020 | VulD... | cvss3_nvd_pr | L | nist.gov | 06/21/2020 | accepted | 100 |
| 10190070 | 06/21/2020 | VulD... | cvss3_nvd_ac | L | nist.gov | 06/21/2020 | accepted | 100 |
| 10190069 | 06/21/2020 | VulD... | cvss3_nvd_av | N | nist.gov | 06/21/2020 | accepted | 100 |
| 10190043 | 06/21/2020 | VulD... | type | Bug Tracking Software | | 06/21/2020 | accepted | 100 |
| 10190092 | 06/21/2020 | VulD... | cvss3_nvd_basescore | 7.4 | nist.gov | 06/21/2020 | accepted | 90 |
| 10190091 | 06/21/2020 | VulD... | cvss3_vuldb_rc | X | | 06/21/2020 | accepted | 90 |
| 10190090 | 06/21/2020 | VulD... | cvss3_vuldb_rl | X | | 06/21/2020 | accepted | 90 |
| 10190089 | 06/21/2020 | VulD... | cvss3_vuldb_e | X | | 06/21/2020 | accepted | 90 |
| 10190088 | 06/21/2020 | VulD... | cvss2_vuldb_rc | ND | | 06/21/2020 | accepted | 90 |
| 10190087 | 06/21/2020 | VulD... | cvss2_vuldb_rl | ND | | 06/21/2020 | accepted | 90 |
