Vulnerability Description
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | <= 12.8.1 |
References
- https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/Release NotesVendor Advisory
- https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/indeRelease NotesVendor Advisory
- https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/Release NotesVendor Advisory
- https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/indeRelease NotesVendor Advisory
FAQ
What is CVE-2020-10081?
CVE-2020-10081 is a vulnerability with a CVSS score of 6.5 (MEDIUM). GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.
How severe is CVE-2020-10081?
CVE-2020-10081 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10081?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.