CVE-2020-11649

Published: Apr 22, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 12.8.0 to 12.8.9
Gitlab Gitlab	From 12.9.0 to 12.9.3
Gitlab Gitlab	From 8.15.0 to 12.7.9
Gitlab Gitlab	From 12.8.0 to 12.8.9
Gitlab Gitlab	From 12.9.0 to 12.9.3
Gitlab Gitlab	From 8.15.0 to 12.7.9

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://about.gitlab.com/blog/categories/releases/

Source: cve@mitre.org

Vendor Advisory

https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/

Source: cve@mitre.org

Vendor Advisory

https://about.gitlab.com/blog/categories/releases/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.