CVE-2020-13334

Summary

In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=8.6, <13.2.10affected
GitLabGitLab>=13.3.0, <13.3.7affected
GitLabGitLab>=13.4.0, <13.4.2affected

Weaknesses

  • Improper authorization in GitLab

ADP Enrichment

CVE Program Container

Additional References

References