CVE-2020-13282

Published: Aug 13, 2020Modified: Nov 21, 2024

3.5

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Exploitability: 0.9 / Impact: 2.5

Source: NVD

Description

For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 10.5.0 to 13.0.12
Gitlab Gitlab	From 13.1.0 to 13.1.6
Gitlab Gitlab	From 13.2.0 to 13.2.3
Gitlab Gitlab	From 10.5.0 to 13.0.12
Gitlab Gitlab	From 13.1.0 to 13.1.6
Gitlab Gitlab	From 13.2.0 to 13.2.3

Related CWEs

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (6)

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13282.json

Source: cve@gitlab.com

Third Party Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/202687

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/790786

Source: cve@gitlab.com

Permissions RequiredThird Party Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13282.json

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/202687

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://hackerone.com/reports/790786

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.