CVE-2020-13277

Опубликовано: 19 июн. 2020

Источник: nvd

CVSS3: 6.3

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5

Ссылки

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13277.json
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/220972
Broken Link
https://hackerone.com/reports/894569
Permissions Required
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13277.json
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/220972
Broken Link
https://hackerone.com/reports/894569
Permissions Required

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 10.6.0 (включая) до 13.0.5 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 10.6.0 (включая) до 13.0.5 (включая)

EPSS

Процентиль: 87%

0.03463

Низкий

6.3 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

CVE-2020-13277

CVSS3: 6.3

ubuntu

около 5 лет назад

An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5

CVE-2020-13277

CVSS3: 6.3

debian

около 5 лет назад

An authorization issue in the mirroring logic allowed read access to p ...

GHSA-23r2-7xm3-g75g

github

около 3 лет назад

An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5

EPSS

Процентиль: 87%

0.03463

Низкий

6.3 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863