exploitDog

CVE-2020-15525

Опубликовано: 07 июл. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.

Ссылки

https://about.gitlab.com/releases/2020/07/06/critical-security-release-gitlab-13-1-3-released/
Vendor Advisory
https://about.gitlab.com/releases/categories/releases/
Release Notes
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/225259
Broken Link
https://about.gitlab.com/releases/2020/07/06/critical-security-release-gitlab-13-1-3-released/
Vendor Advisory
https://about.gitlab.com/releases/categories/releases/
Release Notes
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/225259
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.3.0 (включая) до 13.1.2 (включая)

EPSS

Процентиль: 31%

0.00118

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-15525

CVSS3: 5.3

debian

около 5 лет назад

GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of ...

GHSA-prwp-cpfg-vppq

github

около 3 лет назад

GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.

EPSS

Процентиль: 31%

0.00118

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo