CVE-2020-13346

Summary

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=11.2, <13.2.10affected
GitLabGitLab>=13.3.0, <13.3.7affected
GitLabGitLab>=13.4.0, <13.4.2affected

Weaknesses

  • Improper access control in GitLab

ADP Enrichment

CVE Program Container

Additional References

References