CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-13300

GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.9%

CVSS Severity

CVSS v3 Score 8.0

CVSS v2 Score 6.4

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13300.json
https://gitlab.com/gitlab-org/gitlab/-/issues/219931
https://hackerone.com/reports/884766
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13300.json
https://gitlab.com/gitlab-org/gitlab/-/issues/219931
https://hackerone.com/reports/884766

Products affected by CVE-2020-13300

Gitlab » Gitlab » Version: 13.3.0

cpe:2.3:a:gitlab:gitlab:13.3.0
Gitlab » Gitlab » Version: 13.3.1

cpe:2.3:a:gitlab:gitlab:13.3.1
Gitlab » Gitlab » Version: 13.3.2

cpe:2.3:a:gitlab:gitlab:13.3.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-13300

Products

Pricing

Contact Us