CVE-2020-13358

Summary

A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2.

Affected Software

VendorProductVersion RangeStatus
GitLabGitlab CE/EE>=13.4affected
GitLabGitlab CE/EE<13.4.5affected
GitLabGitlab CE/EE>=13.3affected
GitLabGitlab CE/EE<13.3.9affected
GitLabGitlab CE/EE>=13.5affected
GitLabGitlab CE/EE<13.5.2affected

Weaknesses

  • Improper authorization in GitLab

ADP Enrichment

CVE Program Container

Additional References

References