CVE-2020-13346

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-13346

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13346.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-13346

Aliases

BIT-gitlab-2020-13346

Downstream

UBUNTU-CVE-2020-13346

Published

2020-10-07T14:15:11.747Z

Modified

2026-04-10T04:22:14.486103Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

44dbeccbe1039cb1d42d8502655ffb0bce3ae803

Fixed

8cd5b450a0f100a1e80a3ceceb85282e98b5a5ca

Introduced

44dbeccbe1039cb1d42d8502655ffb0bce3ae803

Fixed

8cd5b450a0f100a1e80a3ceceb85282e98b5a5ca

Introduced

4922d2720ace5802587b8324a77a41b373d08e69

Fixed

34d591d79d0325cd9c6669fde99dba7cc82b9e43

Introduced

4922d2720ace5802587b8324a77a41b373d08e69

Fixed

34d591d79d0325cd9c6669fde99dba7cc82b9e43

Introduced

e70802d39ca8751d0f167d736a34a39c1dc695bc

Fixed

34869f45ee85df86bf0c41b26d21b77943e16376

Introduced

e70802d39ca8751d0f167d736a34a39c1dc695bc

Fixed

34869f45ee85df86bf0c41b26d21b77943e16376

Database specific

{
    "versions": [
        {
            "introduced": "11.2.0"
        },
        {
            "fixed": "13.2.10"
        },
        {
            "introduced": "11.2.0"
        },
        {
            "fixed": "13.2.10"
        },
        {
            "introduced": "13.3.0"
        },
        {
            "fixed": "13.3.7"
        },
        {
            "introduced": "13.3.0"
        },
        {
            "fixed": "13.3.7"
        },
        {
            "introduced": "13.4.0"
        },
        {
            "fixed": "13.4.2"
        },
        {
            "introduced": "13.4.0"
        },
        {
            "fixed": "13.4.2"
        }
    ]
}

Affected versions

v13.*

v13.3.0-ee

v13.3.1-ee

v13.3.2-ee

v13.3.5-ee

v13.3.6-ee

v13.4.0-ee

v13.4.1-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13346.json"