GitLab Community Edition/Enterprise Edition up to 13.3.8/13.4.4/13.5.1 Project Maintainer state issue

Summaryinfo

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 13.3.8/13.4.4/13.5.1. It has been rated as problematic. This affects an unknown part of the component Project Maintainer Handler. Performing a manipulation results in state issue. This vulnerability was named CVE-2020-13359. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

Detailsinfo

A vulnerability classified as problematic has been found in GitLab Community Edition and Enterprise Edition up to 13.3.8/13.4.4/13.5.1 (Bug Tracking Software). This affects an unknown function of the component Project Maintainer Handler. The manipulation with an unknown input leads to a state issue vulnerability. CWE is classifying the issue as CWE-371. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was presented 11/19/2020. It is possible to read the advisory at gitlab.com. This vulnerability is uniquely identified as CVE-2020-13359. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 13.3.9, 13.4.5 or 13.5.2 eliminates this vulnerability.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Bug Tracking Software

Vendor

• GitLab

Name

• Community Edition
• Enterprise Edition

Version

• 13.3.0
• 13.3.1
• 13.3.2
• 13.3.3
• 13.3.4
• 13.3.5
• 13.3.6
• 13.3.7
• 13.3.8
• 13.4.0
• 13.4.1
• 13.4.2
• 13.4.3
• 13.4.4
• 13.5.0
• 13.5.1

License

• open-source

Website

• Vendor: https://gitlab.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion