CVE-2020-13300

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-13300
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13300.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-13300
Aliases
Related
Published
2020-09-14T19:15:10Z
Modified
2025-01-14T08:44:37.800931Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
4922d2720ace5802587b8324a77a41b373d08e69
Fixed
ad7bd7db4124d1f45168ecae80005a8385606809

Affected versions

v13.*

v13.3.0-ee
v13.3.1-ee
v13.3.2-ee
v13.3.3-ee