CVE-2020-12277

Published: Apr 29, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 10.8.0 to 12.7.8
Gitlab Gitlab	From 12.8.0 to 12.8.8
Gitlab Gitlab	From 12.9.0 to 12.9.1
Gitlab Gitlab	From 10.8.0 to 12.7.8
Gitlab Gitlab	From 12.8.0 to 12.8.8
Gitlab Gitlab	From 12.9.0 to 12.9.1

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/

Source: cve@mitre.org

Vendor Advisory

https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.