CVE-2020-13357

Summary

An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab CE/EE>= 13.1 to <13.4.7affected
GitLabGitLab CE/EE>= 13.5 to <13.5.5affected
GitLabGitLab CE/EE>= 13.6 to <13.6.2affected

Weaknesses

  • Authorization bypass through user-controlled key in GitLab

ADP Enrichment

CVE Program Container

Additional References

References