CVE-2020-13305

Medium

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link…

GitLab·CWE-613·Published 2020-09-14

CVSS

4.3

EPSS

0.01

KEV

Exploits

cve.orgen

173 chars

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project.

NVDen

173 chars

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project.

Se detectó una vulnerabilidad en GitLab versiones anteriores a 13.1.10, 13.2.8 y 13.3.4. GitLab no invalidaba el enlace de invitación al proyecto al eliminar a un usuario de un proyecto

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.0	8.0	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
3.1	Primary	NVD	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.1	Primary	cve.org	3.5	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
3.1	Primary	cve.org	3.5	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
3.1	Secondary	NVD	3.5	2.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N