PT-2020-13463 · Gitlab · Gitlab
Ashish_R_Padelkar · Published 2020-09-29 · Updated 2024-03-06 · CVE-2020-13322
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
GitLab versions after 12.9
Description
A vulnerability was discovered due to improper verification of permissions. This issue allows an unauthorized user to create and delete deploy tokens.
Recommendations
For GitLab versions after 12.9, update to a version that includes a fix for this issue to prevent unauthorized creation and deletion of deploy tokens.
Exploit
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab