CVE-2020-13300 - Incorrect Authorization vulnerability in GitLab 13.3.0/13.3.1/13.3.2
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: NONE
Summary
GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Common Weakness Enumeration (CWE)
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13300.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/219931
- https://hackerone.com/reports/884766