PT-2020-13499 · Gitlab · Gitlab Ce/Ee+1
Published
2020-11-17
·
Updated
2024-03-06
·
CVE-2020-13358
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 13.3 through 13.3.8
GitLab CE/EE versions 13.4 through 13.4.4
GitLab CE/EE versions 13.5 through 13.5.1
Description
A vulnerability in the internal Kubernetes agent api in GitLab CE/EE allows unauthorized access to private projects.
Recommendations
For GitLab CE/EE versions 13.3 through 13.3.8, update to version 13.3.9 or later to resolve the issue.
For GitLab CE/EE versions 13.4 through 13.4.4, update to version 13.4.5 or later to resolve the issue.
For GitLab CE/EE versions 13.5 through 13.5.1, update to version 13.5.2 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee