CVE-2020-13261

Published: Jun 19, 2020Modified: Nov 21, 2024

2.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.2 / Impact: 1.4

Source: NVD

Description

Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 12.10.0 to 12.10.7
Gitlab Gitlab	From 12.6.0 to 12.9.8
Gitlab Gitlab	From 12.10.0 to 12.10.7
Gitlab Gitlab	From 12.6.0 to 12.9.8
Gitlab Gitlab	Version 13.0.0
Gitlab Gitlab	Version 13.0.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13261.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/199242

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/784130

Source: cve@gitlab.com

Permissions Required

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13261.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/199242

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://hackerone.com/reports/784130

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.