PT-2020-12466 · Gitlab · Gitlab Ce/Ee+1
Ashish R Padelkar +1 · Published 2020-04-08 · Updated 2024-03-06 · CVE-2020-10981
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
GitLab EE/CE versions 9.0 through 12.9
Description
The issue allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project.
Recommendations
For GitLab EE/CE versions 9.0 through 12.9, consider restricting access to pipeline trigger descriptions to prevent unauthorized modifications until a fix is available.
As a temporary workaround, consider disabling the ability for maintainers to edit pipeline trigger descriptions within the same project.
Fix
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee