CVE-2020-13313

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-13313

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13313.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-13313

Aliases

BIT-gitlab-2020-13313

Related

UBUNTU-CVE-2020-13313

Published

2020-09-14T20:15:11Z

Modified

2025-02-19T03:30:24.225734Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

1fa237df2f46d34bd56dd8d018183c756094c2e0

Fixed

f87767a40b6a8c337cfdf7539cad37163b9d141e

Affected versions

v13.*

v13.1.0-ee

v13.1.1-ee

v13.1.2-ee

v13.1.3-ee

v13.1.4-ee

v13.1.5-ee

v13.1.6-ee

v13.1.7-ee

v13.1.8-ee

v13.1.9-ee