CVE-2020-13319

MEDIUM

GitLab <13.1.2-12.10.13 - Info Disclosure

Title source: llm
STIX 2.1

Description

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue.

References (3)

Core 3
Core References
Exploit, Vendor Advisory x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/201806
Permissions Required x_refsource_misc
https://hackerone.com/reports/755188

Scores

CVSS v3 4.3
EPSS 0.0078
EPSS Percentile 51.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-862
Status published
Products (1)
gitlab/gitlab < 12.10.13
Published Sep 30, 2020
Tracked Since Feb 18, 2026