CVE-2020-10081

Published: Mar 13, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.

Affected (2)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	Up to 12.8.1
Gitlab Gitlab	Up to 12.8.1

References (4)

https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/

Source: cve@mitre.org

Release NotesVendor Advisory

https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html

Source: cve@mitre.org

Release NotesVendor Advisory

https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.