Unverified Email Notification Vulnerability in GitLab CE/EE Versions through 13.0.1

Unverified Email Notification Vulnerability in GitLab CE/EE Versions through 13.0.1

CVE-2020-13276 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1

Learn more about our Web Application Penetration Testing UK.