Unauthorized Project Maintainer Can Edit Subgroup Badges in GitLab

Unauthorized Project Maintainer Can Edit Subgroup Badges in GitLab

CVE-2020-13313 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control.

Learn more about our Web Application Penetration Testing UK.