Exploitation Summary
EIP tracks 2 public exploits for CVE-2020-13277. PoCs published by EXP-Docs.
Description
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5.
Exploits (2)
This repository provides a functional proof-of-concept for CVE-2020-13277, a GitLab EE logic flaw allowing unauthorized access to private repositories via mirror repository abuse and CI pipeline execution under victim privileges.
This repository provides a functional exploit for CVE-2020-13277, a GitLab EE logic vulnerability allowing arbitrary users to bypass access controls and access private repositories. The PoC includes a Docker-based lab environment with scripts to automate setup, license cracking, and exploitation via GitLab's Mirror Repository feature.
Scores
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N