PT-2020-13476 · Gitlab · Gitlab

Published 2020-10-07 · Updated 2024-03-06 · CVE-2020-13335

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: GitLab versions 7.12 and later

Description: The issue arises from improper group membership validation when a user account is deleted in GitLab. This allows a user to delete their own account without deleting or transferring their group.

Recommendations: For GitLab versions 7.12 and later, update to a version that includes the fix for this issue to prevent users from deleting their accounts without proper group membership validation.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BIT-GITLAB-2020-13335
CVE-2020-13335

Affected Products

Gitlab