CVE-2020-11649

Опубликовано: 22 апр. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted.

Ссылки

https://about.gitlab.com/blog/categories/releases/
Vendor Advisory
https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
Vendor Advisory
https://about.gitlab.com/blog/categories/releases/
Vendor Advisory
https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 8.15.0 (включая) до 12.7.9 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 8.15.0 (включая) до 12.7.9 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 12.8.0 (включая) до 12.8.9 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 12.8.0 (включая) до 12.8.9 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 12.9.0 (включая) до 12.9.3 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 12.9.0 (включая) до 12.9.3 (исключая)

EPSS

Процентиль: 21%

0.00067

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

CVE-2020-11649

CVSS3: 6.5

ubuntu

около 5 лет назад

An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted.

CVE-2020-11649

CVSS3: 6.5

debian

около 5 лет назад

An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Membe ...

GHSA-qchj-3w44-j257

github

около 3 лет назад

An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted.

EPSS

Процентиль: 21%

0.00067

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-306