Vulnerability Details CVE-2020-8795
In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/
- https://about.gitlab.com/releases/categories/releases/
- https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/
- https://about.gitlab.com/releases/categories/releases/
Products affected by CVE-2020-8795
-
cpe:2.3:a:gitlab:gitlab:12.5.0
-
cpe:2.3:a:gitlab:gitlab:12.5.1
-
cpe:2.3:a:gitlab:gitlab:12.5.2
-
cpe:2.3:a:gitlab:gitlab:12.5.3
-
cpe:2.3:a:gitlab:gitlab:12.5.4
-
cpe:2.3:a:gitlab:gitlab:12.5.5
-
cpe:2.3:a:gitlab:gitlab:12.5.6
-
cpe:2.3:a:gitlab:gitlab:12.5.7
-
cpe:2.3:a:gitlab:gitlab:12.5.8
-
cpe:2.3:a:gitlab:gitlab:12.5.9
-
cpe:2.3:a:gitlab:gitlab:12.6.0
-
cpe:2.3:a:gitlab:gitlab:12.6.1
-
cpe:2.3:a:gitlab:gitlab:12.6.2
-
cpe:2.3:a:gitlab:gitlab:12.6.3
-
cpe:2.3:a:gitlab:gitlab:12.6.4
-
cpe:2.3:a:gitlab:gitlab:12.6.5
-
cpe:2.3:a:gitlab:gitlab:12.6.6
-
cpe:2.3:a:gitlab:gitlab:12.6.7
-
cpe:2.3:a:gitlab:gitlab:12.6.8
-
cpe:2.3:a:gitlab:gitlab:12.7
-
cpe:2.3:a:gitlab:gitlab:12.7.0
-
cpe:2.3:a:gitlab:gitlab:12.7.1
-
cpe:2.3:a:gitlab:gitlab:12.7.2
-
cpe:2.3:a:gitlab:gitlab:12.7.3
-
cpe:2.3:a:gitlab:gitlab:12.7.4
-
cpe:2.3:a:gitlab:gitlab:12.7.5