CVE-2020-13335

Summary

Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=7.12, <13.2.10affected
GitLabGitLab>=13.3.0, <13.3.7affected
GitLabGitLab>=13.4.0, <13.4.2affected

Weaknesses

  • Improper access control in GitLab

ADP Enrichment

CVE Program Container

Additional References

References