CVE-2020-12277

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-12277
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12277.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-12277
Aliases
Downstream
Published
2020-04-29T17:15:12.037Z
Modified
2026-02-09T07:28:48.758775Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
073a4ba8016203c9e48595afd3ddea430d9420a3
Fixed
0ebcf602332fc27fc2bc8a2eb7b14d7a1685c343
Introduced
0bd32f788647bb832f3d9eb5746cbda5300e0fa2
Fixed
6319b8e640d4c552261b8b679fe61b69b6eec4dc
Introduced
342f33beb2ce090cfabfd0a5e7327b78d04588bb
Fixed
8c3dbc944a2af1e1c5ae9145fc9991d38b7abbb3

Affected versions

Other
11-10-0cfa69752d8-0d9531c80-ee
11-10-0cfa69752d8-74ffd66ae-ee
11-10-119f9509d50-6d7537235-ee
v10.*
v10.8.0.pre
v10.9.0.pre
v11.*
v11.0.0.pre
v11.1.0.pre
v11.2.0.pre
v11.3.0.pre
v12.*
v12.7.0-ee
v12.7.0-rc42-ee
v12.7.0-rc43-ee
v12.7.1-ee
v12.7.2-ee
v12.7.4-ee
v12.7.5-ee
v12.7.6-ee
v12.7.7-ee
v12.8.0-ee
v12.8.1-ee
v12.8.2-ee
v12.8.3-ee
v12.8.4-ee
v12.8.5-ee
v12.8.6-ee
v12.8.7-ee
v12.9.0-ee
v6.*
v6.0.0-ee
v6.0.0-ee.beta
v6.0.0-ee.rc1
v6.1.0-ee
v6.2.1
v6.2.2
v6.3.0-ee
v6.3.1-ee
v6.4.0-ee
v6.4.1
v6.4.2
v6.4.3
v6.5.0-ee
v6.5.1
v6.6.0-ee
v6.6.1
v6.6.2
v6.7.0-ee
v6.7.0.rc1-ee
v6.7.1
v6.7.2
v6.8.0-ee
v6.8.1
v7.*
v7.0.0-ee
v7.1.0-ee
v7.1.0.rc1-ee
v7.2.0.rc1-ee
v7.2.0.rc2-ee
v7.2.0.rc3-ee
v7.2.0.rc4-ee
v7.2.0.rc5-ee
v7.3.0-ee
v7.3.0.rc1-ee
v7.4.0-ee
v7.4.1-ee
v7.4.2-ee
v7.4.3-ee
v7.4.4-ee
v8.*
v8.11.0
v8.11.0-ee
v8.11.0-rc1
v8.11.0-rc1-ee
v8.11.0-rc2
v8.11.0-rc2-ee
v8.11.0-rc3
v8.11.0-rc3-ee
v8.11.0-rc4
v8.11.0-rc4-ee
v8.11.0-rc5
v8.11.0-rc5-ee
v8.11.0-rc6
v8.11.0-rc6-ee
v8.11.0-rc7
v8.11.0-rc7-ee
v8.11.1
v8.12.0
v8.12.0-ee
v8.12.0-rc1
v8.12.0-rc1-ee
v8.12.0-rc2
v8.12.0-rc2-ee
v8.12.0-rc3
v8.12.0-rc3-ee
v8.12.0-rc4
v8.12.0-rc4-ee
v8.12.0-rc5
v8.12.0-rc5-ee
v8.12.0-rc6
v8.12.0-rc6-ee
v8.12.0-rc7
v8.12.0-rc7-ee
v8.12.0.pre
v8.12.1
v8.12.1-ee
v8.12.2
v8.12.2-ee
v8.12.3-ee
v8.2.0-ee
v8.2.0.rc1
v8.2.0.rc1-ee
v8.2.0.rc2
v8.2.0.rc2-ee
v8.8.0
v8.8.0-ee
v8.8.0-rc1
v8.8.0-rc1-ee
v8.8.0-rc2
v8.8.0-rc2-ee
v8.8.1-ee

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12277.json"