CVE-2020-13346

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-13346

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13346.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-13346

Aliases

BIT-gitlab-2020-13346

Related

UBUNTU-CVE-2020-13346

Published

2020-10-07T14:15:11Z

Modified

2024-10-12T06:27:09.585584Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

4922d2720ace5802587b8324a77a41b373d08e69

Fixed

34d591d79d0325cd9c6669fde99dba7cc82b9e43

Affected versions

v13.*

v13.3.0-ee

v13.3.1-ee

v13.3.2-ee

v13.3.3-ee

v13.3.4-ee

v13.3.5-ee

v13.3.6-ee