CVE-2020-13300

Опубликовано: 14 сент. 2020

Источник: debian

Описание

GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
gitlab	fixed	13.2.8-1		package

Примечания

https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/

Связанные уязвимости

CVE-2020-13300

CVSS3: 8

ubuntu

больше 5 лет назад

GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.

CVE-2020-13300

CVSS3: 8

nvd

больше 5 лет назад

GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.

GHSA-69vx-f9hq-xc87

CVSS3: 10

github

больше 3 лет назад

GitLab before version 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.