CVE-2019-13001

Published: 10 March 2020

An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass.

Priority

Medium

CVSS 3 base score: 4.3

Status

Package: gitlab

Release status:
Upstream: Not vulnerable (debian: Only affects 11.9 and later)
Ubuntu 20.04 LTS (Focal Fossa): Does not exist
Ubuntu 18.04 LTS (Bionic Beaver): Does not exist
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (code not present)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist