GitLab 8.6 < 13.2.10 / 13.3.0 < 13.3.7 / 13.4.0 < 13.4.2 (CVE-2020-13334)
Discription
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query (CVE-2020-13334) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…Read More
References
Back to Main