CVE-2020-13277

MEDIUM LAB

GitLab CE/EE <13.0.5 - Info Disclosure

Title source: llm

Description

An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5

Exploits (2)

nomisec WORKING POC 27 stars
by EXP-Docs · poc
https://github.com/EXP-Docs/CVE-2020-13277
inthewild WORKING POC
poc
https://github.com/lyy289065406/cve-2020-13277

References (3)

Scores

CVSS v3 6.3
EPSS 0.0459
EPSS Percentile 89.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Lab Environment

COMMUNITY
Community Lab
docker pull gitlab/gitlab-runner:latest
docker pull gitlab/gitlab-ee:10.6.0-ee.0

Details

CWE
CWE-863
Status published
Products (1)
gitlab/gitlab 10.6.0 - 13.0.5 (2 CPE variants)
Published Jun 19, 2020
Tracked Since Feb 18, 2026