CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-10535

GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.9%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 4.3

References

https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/
https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/

Products affected by CVE-2020-10535

Gitlab » Gitlab » Version: 12.8.0

cpe:2.3:a:gitlab:gitlab:12.8.0
Gitlab » Gitlab » Version: 12.8.1

cpe:2.3:a:gitlab:gitlab:12.8.1
Gitlab » Gitlab » Version: 12.8.2

cpe:2.3:a:gitlab:gitlab:12.8.2
Gitlab » Gitlab » Version: 12.8.3

cpe:2.3:a:gitlab:gitlab:12.8.3
Gitlab » Gitlab » Version: 12.8.4

cpe:2.3:a:gitlab:gitlab:12.8.4
Gitlab » Gitlab » Version: 12.8.5

cpe:2.3:a:gitlab:gitlab:12.8.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-10535

Products

Pricing

Contact Us