Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2020-13262

Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2020-13262
  • Gitlab » Gitlab » Version: 12.10.0
    cpe:2.3:a:gitlab:gitlab:12.10.0
  • Gitlab » Gitlab » Version: 12.10.1
    cpe:2.3:a:gitlab:gitlab:12.10.1
  • Gitlab » Gitlab » Version: 12.10.2
    cpe:2.3:a:gitlab:gitlab:12.10.2
  • Gitlab » Gitlab » Version: 12.10.3
    cpe:2.3:a:gitlab:gitlab:12.10.3
  • Gitlab » Gitlab » Version: 12.10.4
    cpe:2.3:a:gitlab:gitlab:12.10.4
  • Gitlab » Gitlab » Version: 12.10.5
    cpe:2.3:a:gitlab:gitlab:12.10.5
  • Gitlab » Gitlab » Version: 12.10.6
    cpe:2.3:a:gitlab:gitlab:12.10.6
  • Gitlab » Gitlab » Version: 12.9.0
    cpe:2.3:a:gitlab:gitlab:12.9.0
  • Gitlab » Gitlab » Version: 12.9.1
    cpe:2.3:a:gitlab:gitlab:12.9.1
  • Gitlab » Gitlab » Version: 12.9.2
    cpe:2.3:a:gitlab:gitlab:12.9.2
  • Gitlab » Gitlab » Version: 12.9.3
    cpe:2.3:a:gitlab:gitlab:12.9.3
  • Gitlab » Gitlab » Version: 12.9.4
    cpe:2.3:a:gitlab:gitlab:12.9.4
  • Gitlab » Gitlab » Version: 12.9.5
    cpe:2.3:a:gitlab:gitlab:12.9.5
  • Gitlab » Gitlab » Version: 12.9.6
    cpe:2.3:a:gitlab:gitlab:12.9.6
  • Gitlab » Gitlab » Version: 12.9.7
    cpe:2.3:a:gitlab:gitlab:12.9.7
  • Gitlab » Gitlab » Version: 13.0.0
    cpe:2.3:a:gitlab:gitlab:13.0.0


Contact Us

Shodan ® - All rights reserved