Missing Authorization in GitLab Community Edition - CVE-2020-13319

 


Published: September 30, 2020 / Updated: October 3, 2020


Vulnerability identifier: #VU47299
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-13319
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: GitLab Community Edition
Software vendor: GitLab, Inc

Description

The vulnerability allows a remote authenticated user to manipulate data.

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13: a permission check is missing when adding time spent on an issue.


Remediation

Install the update from the vendor's website.
