Vulnerability Details CVE-2020-10083
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.4%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
- https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
- https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
- https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
Products affected by CVE-2020-10083
-
cpe:2.3:a:gitlab:gitlab:12.7.0
-
cpe:2.3:a:gitlab:gitlab:12.7.1
-
cpe:2.3:a:gitlab:gitlab:12.7.2
-
cpe:2.3:a:gitlab:gitlab:12.7.3
-
cpe:2.3:a:gitlab:gitlab:12.7.4
-
cpe:2.3:a:gitlab:gitlab:12.7.5
-
cpe:2.3:a:gitlab:gitlab:12.7.6
-
cpe:2.3:a:gitlab:gitlab:12.7.7
-
cpe:2.3:a:gitlab:gitlab:12.7.8
-
cpe:2.3:a:gitlab:gitlab:12.7.9
-
cpe:2.3:a:gitlab:gitlab:12.8.0
-
cpe:2.3:a:gitlab:gitlab:12.8.1