CVE-2020-13266

Summary

Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=12.8, <12.9.8affected
GitLabGitLab>=12.10, <12.10.7affected
GitLabGitLab>=13.0, <13.0.1affected

Weaknesses

  • Missing authorization in GitLab

ADP Enrichment

CVE Program Container

Additional References

References