CVE-2020-13300

Summary

GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=13.3, <13.3.4affected

Weaknesses

  • Improper authorization in GitLab

ADP Enrichment

CVE Program Container

Additional References

References