CVE-2020-13276 - Missing Authorization vulnerability in GitLab
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
Summary
A user is allowed to set an email address as the notification email without verifying the new address, in all previous GitLab CE/EE versions through 13.0.1.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13276.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/25994
- https://hackerone.com/reports/471907