Missing Authorization in Gitlab Community Edition - CVE-2020-13319
Published: September 30, 2020 / Updated: October 3, 2020
Vulnerability identifier: #VU47299
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-13319
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: GitLab, Inc
Affected software:
Gitlab Community Edition
Gitlab Community Edition
Detailed vulnerability description
The vulnerability allows a remote authenticated user to manipulate data.
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue.
How to mitigate CVE-2020-13319
Install update from vendor's website.