Detections
Analytics

CVE-2020-10081

medium

Description

GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.

References

https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html

https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/

Details

Source: Mitre, NVD

Published: 2020-03-13

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00075