CVE-2020-13308

Published: Sep 15, 2020Modified: Nov 21, 2024

2.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Exploitability: 1.2 / Impact: 1.4

Source: NVD

Description

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 13.1.0 to 13.1.10
Gitlab Gitlab	From 13.2.0 to 13.2.8
Gitlab Gitlab	From 13.3.0 to 13.3.4
Gitlab Gitlab	From 13.1.0 to 13.1.10
Gitlab Gitlab	From 13.2.0 to 13.2.8
Gitlab Gitlab	From 13.3.0 to 13.3.4

Related CWEs

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (6)

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13308.json

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/29989

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/637675

Source: cve@gitlab.com

Permissions RequiredThird Party Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13308.json

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/29989

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://hackerone.com/reports/637675

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.